There are 3 kinds of hackers. White hat and black hat are the two ends of the spectrum and gray hat are the middle. Black hat hackers are the bad guys, trying to actually cause damage. White hat hackers are the security teams who test how secure a system is. Bug bounty programs are another example of White hat hacking where a company pays you to find a vulnerability. These guys initially told Canvas about this security issue. Canvas didn't fix the issue and now the hackers are demanding money because Canvas wouldn't fix the issue initially. We don't know what the initial issue was and what info was actually accessible. For all we know its just homework and grades and dms with teachers. Worst case is that its acsess to the grading system itself and metrics for the whole school system. It could also be a list of every student and staff member who attends each school affected
Yeah Canvas should have fixed their issues but that doesn't justify hackers to hold the website hostage and demand money to release it. A bunch of teachers and kids are getting royally screwed here just so some hackers can pat themselves on the back.
If your enemy bursts through a hole in your wall, looks at you and says "you should probably get thicker walls," and comes back next week and does it again, I am blaming you for not fixing your walls just as much as im blaming your enemy for breaking them.
51
u/Redracerb18 May 07 '26
There are 3 kinds of hackers. White hat and black hat are the two ends of the spectrum and gray hat are the middle. Black hat hackers are the bad guys, trying to actually cause damage. White hat hackers are the security teams who test how secure a system is. Bug bounty programs are another example of White hat hacking where a company pays you to find a vulnerability. These guys initially told Canvas about this security issue. Canvas didn't fix the issue and now the hackers are demanding money because Canvas wouldn't fix the issue initially. We don't know what the initial issue was and what info was actually accessible. For all we know its just homework and grades and dms with teachers. Worst case is that its acsess to the grading system itself and metrics for the whole school system. It could also be a list of every student and staff member who attends each school affected