The technology company Instructure, primarily known for developing the educational platform Canvas LMS, has confirmed that it reached an agreement with the cybercriminal group ShinyHunters to attempt to prevent the publication of stolen information following a recent security incident.
The news, revealed by BleepingComputer, once again brings to the forefront a practice that is increasingly common in the corporate world: negotiating with attackers to avoid public exposure of sensitive data.
According to the report, Instructure detected that information related to some of its systems was obtained by actors linked to ShinyHunters, a group widely known within the cybercrime ecosystem for participating in multiple mass data breaches in recent years.
Although the company did not publicly confirm whether it made a financial payment, it did acknowledge reaching an "agreement" with the attackers to prevent the information from being disseminated or sold on underground forums.
ShinyHunters has become known for attacking technology platforms, online services, and companies with large user bases. The group gained notoriety after publishing and selling databases belonging to international companies, including e-commerce services, social media platforms, and technology providers.
In this case, Instructure indicated that it is continuing to investigate the full scope of the incident while working alongside external incident response experts and relevant authorities.
The company also stated that, to date, there is no evidence that financial data or passwords have been compromised. However, some of the information obtained could include internal data and corporate files extracted from affected systems during unauthorized access.
The incident reflects a growing trend in modern ransomware and digital extortion operations: even when systems are not encrypted, attackers use the threat of publishing stolen information as the primary coercive mechanism.
In many cases, organizations find themselves facing an extremely complex decision. Allowing data to be published can result in severe reputational damage, regulatory problems, and potential legal liabilities, while negotiating with cybercriminals raises an ethical and strategic debate about whether such agreements incentivize future criminal activity.
Security experts have warned for years that groups like ShinyHunters operate under increasingly professionalized models, similar to clandestine businesses. They use selective leaks, encrypted communication channels, and public pressure tactics to maximize their impact on their victims.
The education sector has also become an increasingly attractive target for attackers. Academic platforms often store large volumes of personal information, internal records, and institutional data, which can be valuable for extortion as well as subsequent phishing and social engineering campaigns.
The Instructure case also occurs in a context where data leaks are continuing to increase globally. Organizations of all sizes are facing more automated and sophisticated attacks, partly driven by artificial intelligence-based tools that enable faster vulnerability recognition, analysis, and intrusion campaigns.
While the investigation continues, the situation once again raises an uncomfortable question for the technology industry: To what extent can negotiating with criminal groups be considered a valid strategy for protecting users and businesses?
Currently, Instructure is betting that the agreement with ShinyHunters will allow it to contain the impact of the incident and prevent the stolen information from circulating publicly online.
BleepingComputer – Instructure reaches agreement with ShinyHunters to stop data leak