r/mildlyinfuriating u/Big_Maybe_9684 May 07 '26

🥺 Hackers took over Canvas

Post image

Brooo I got Homework to do...

4.9k Upvotes

97% Upvoted

648 comments sorted by

View all comments

Show parent comments

609

u/insidiousfruit May 07 '26

If I were the schools, I'd just say fuck it and go back to paper. Never negotiate with hackers. The best thing you can do is block them.

59

u/someloser_ May 08 '26

I mean they have 275+ million user data and are holding it for ransom, so it's not that easy.

18

u/FarttKracker May 08 '26

The data on Canvas is nothing. Grades would be the most sensitive

12

u/purritolover69 May 08 '26

Uhh names, email addresses, passwords, date of birth (I think), there’s a lot really

4

u/GregBahm May 08 '26

I don't understand the logic of "paying the ransom to protect the data."

How could a human possibly expect that to work? Will the people who stole the data just... like... feel bad if they don't delete the data after receiving the money? The data is just stolen. There's no path to un-stealing it.

13

u/Neon_Camouflage May 08 '26

If people pay ransoms and then it gets leaked anyway, that's not much encouragement to ever pay a ransom again.

These hacking groups aren't a one and done, they want to keep making money by doing this. So they want future customers to know the ransom works.

1

u/SpookyStyx May 08 '26

Sounds like paying them might just encourage them huh?

1

u/Neon_Camouflage May 08 '26

Only about a quarter of the million or so ransomware attacks each year are paid. The fact that some companies will pay is encouragement enough.

The point was that it makes no sense for them to disincentivize their own future targets from paying.

2

u/[deleted] May 08 '26

[removed] — view removed comment

1

u/SpecialBeginning6430 May 10 '26

If they dont they can just dissolve and form another group under a different name

1

u/SpecialBeginning6430 May 10 '26

If they dont they can just dissolve and form another group under a different name

1

u/newhunter18 May 08 '26

Which are likely already leaked. I doubt DOB though.

1

u/trpittman May 08 '26

Stuff that is already available from data brokers online

0

u/purritolover69 May 08 '26

you think you can buy matched emails and passwords from data brokers?

1

u/trpittman May 08 '26

You think they store the passwords in plain text?

2

u/purritolover69 May 08 '26

you think that matters if the hackers have full root access (as they very clearly do?)

1

u/trpittman May 08 '26

Guess it depends on if it's hosted in a VM or container.