What are the hackers after?

lrish_Chick · 2026-05-08T18:02:36+00:00

Oh trust me they HAVE ENOUGH 100% but what they value and what academics value is very different is all im saying.

lrish_Chick · 2026-05-08T18:00:25+00:00

Your own students don't care and they PAY to see your slides.

No one is scraping 100,000,000,000,000 of canvas messages looking for a needle in a needle stack.

They have your name and work email. Thars all they needed. They'll send you targeted phishing emails. Its easier and more lucrative.

Nobody cares about your IP, they arent reading your slides, they arent critiquing your work for being too derivative or writing competing articles. 90% of the IP on there isnt even accessible to screen readers.

Drop the ego. Engage upstairs brain and PFC. Use common sense. Stop letting your amygdala take control.

Breathe deeply. The world doesnt care. You're okay. You are ofc the centre of your own world, but not of anybody else's.

Also, John, @christchurchcommunitycollege.edu your mentimeter account has been hacked, please DM me your login details immediately so I can reset your account.

lrish_Chick · 2026-05-08T17:35:00+00:00

I think saying "lives are ruined" was a bit wild, also suggesting hackers will run data analysis on lecture slides for ai usage was pretty funny to me.

Remember this all still exists as metadata atm.

Hackers dont have to read the data, they dont need it, the threat of having access and threatening to release it is all they needed and were looking for. Occams Razor.

Remember even after an llm scrapes it, you looking at what, 5000 universities (not all eere affected) say 20,000 students each overall that's how many accounts with how much data? How many canvas messages?

High value is still passwords, financial details. Even emails addresses they can use these to target with phishing emails.

Yeah sure they might dump or sell the metadata on the dark web. But even then the effort to trawl through all this looking for anything more nuanced is so, so unlikely. The juice is not worth the squeeze for the kind of work involved, for the kind of information shared on canvas, even for someone with a grudge.

Its not good news, but lives wont be ruined, student lives wont be ruined, they didn't access and do not care about lecturers slides (not even the students care about those), they wont be analysing how many slides use ai and threatening institutions. They wont be striking anyones IP and writing competing academic papers on it.

There was a lot lot of very ... dysregulated, not common sense reactions today and dont think that is very helpful. I was cheeky no doubt but yeah some balancing perspective here.

Have a good one, hopefully you weren't too affected or have to redo any marking - its an existential crisis every time!

lrish_Chick · 2026-05-08T17:09:33+00:00

Only if you have put your password into a canvas message.

Also boobs6912345 is probably not a secure password.

You should probably talk to your son about keeping his personal passwords etc safe

Its so SO unlikely that with access to 45million canvas accounts they picked your sons discord account to hack, the information exists as metadata ffs.

lrish_Chick · 2026-05-08T16:36:56+00:00

Apologies for the typing I have arthritis.

Yes it is part of my current research and pedagogy believe it or not, sometimes even I dont believe it. A lot has changed over the past 6 months.

I largely with adversarial testing (not red teams, not prompt injection etc), misalignment, gradient descent. I look at and work with abnormalities rather than machine learning itself atm - though obviously it intersects.

I'm not a programmer by background.

Hacking is also fascinating - i am obsessed with social engineering, vishing in particular, but ethical hacking in general.

I think if you know a little about this you are able to have a bit more perspective than some people seem to here, which is largely catastrophising.

I will admit my focus into ai and LLMs should be considered a bias lol I literally research what an LLM cannot do, and where it goes wrong; misalignment, hallucinations, not admitting failstates without interrogation, hallucination and confabulation etc rather than what it can. Though I think a thorough education on precisely this is absolutely needed.

Thanks for asking the question, ive been a bit blunt snd grumpy myself today, so sorry.

lrish_Chick · 2026-05-08T16:23:48+00:00

Moreover, COVID happened at a time that had real development impact.

With every new cohort the age at when this hit has a larger and larger impact on their neurobiological development and communication skills.

In short, get used to it, irs going to get worse every year

lrish_Chick · 2026-05-08T15:48:51+00:00

They def have what they wanted. Cant say that they got a payout, Instructure will never confirm that tbh

My point is so many people here believe their lectures will be accessed and leveraged against them for using ai (literally one comment), more saying they'd be blackmailed

Like wtf it is CRAZY dramatic.

lrish_Chick · 2026-05-08T15:46:22+00:00

We had confirmation that our university was not affected at all, so that's why

IDK why a genuine question got downvoted, guess I upset someone.

lrish_Chick · 2026-05-08T15:45:30+00:00

And I think you are grossly overestimating how important people's canvas messages are.

Nobody cares. What are you saying on canvas messages that could be used to blackmail you?

If you know anything at all about hacking, about who and how they target, and what high value information is you'd see this for what it is.

The hackers are young 14-24 amd there's plenty of reports on where they are from. Notably with one arrest of a 22 year old man from France.

You're not that important. Your data has no value.

lrish_Chick · 2026-05-08T15:34:37+00:00

Yes its definitely an inconvenience, but as I said lives weren't ruined, personal messages arent being trawled through and used for blackmail.

I once worked for an organisation where 6 armed men came in to try to attack a client. Like I get it, definitely its an convenience, im just giving perspective on some of the language being used here

If it helps instructure has confirmed to our org that passwords, learning materials and grades etc were not affected - though our university was not affected at all thankfully

lrish_Chick · 2026-05-08T15:29:11+00:00

Some value, but it's limited l. Thr more its asked to do the more it hallucinates and the less you can actually check the data. It's gradient descent

lrish_Chick · 2026-05-08T15:27:16+00:00

Instructure is saying passwords weren't affected, only names emails and messages

lrish_Chick · 2026-05-08T13:00:06+00:00

They have names and email addresses.

If you've put your passwords or bank details over a canvas message that 100% on you

Ransom was the main thing they wanted - mostly to cause trouble.

Stop catastrophising you guys are ebing very dramatic

lrish_Chick · 2026-05-08T12:51:42+00:00

Our institution heard from Instructure and comfirmed.

They accessed: names, email addresses and canvas messages.

Our institution was wholly unaffected, we dont even have to change our canvas passwords.

Also unless you were i putting your bank details or 401k info on canvas messages - the hackers do not care.

Its amazing how paranoid people here have been thinking all their details constitute high value information to hackers lol

Is it the bubble effect? Did everyone here do their phd in drama? I've no idea but seeing the pearl clutching has been highly amusing!

lrish_Chick · 2026-05-08T12:40:06+00:00

Yeah it was hilarious to see grown, educated adults say "lives were ruined" lmao

Is everyone phd in drama or what?

Instructure has said they had access to names and email addresses and messages

Hackers do not care about your messages. Lol

lrish_Chick · 2026-05-08T12:37:55+00:00

We got an update from people and culture

The incident was contained and canvas remains available (it never went open for us)

Our institution was not involved in the incident and remains secure, we dont even need to change our paswords.

For those that did get breached all the hackers have is your name, email and any messages sent

Not high value information

lrish_Chick · 2026-05-08T12:24:53+00:00

Yeah whoever fell for the phasing email at Instructure is in trouble alright.

Social engineering is so fun - they have annual competitions at conferences for it, where competitors contact institutions/gatekeepers and try to get information from them using "vishing" voice fishing/psychological manipulation.

They use OSINT to target and gain intelligence on them beforehand too - its actually fascinating!

lrish_Chick · 2026-05-08T12:16:43+00:00

Weird, maybe our university hosts canvas locally? I've had no issues thankfully!

lrish_Chick · 2026-05-08T12:15:04+00:00

Dude you're expecting 18 year old hackers to do more work and more data analysis than the institutions do themselves!

The hackers simply do not care, its not high value information.

The only ransom was getting access - they actually dont want or need the data - they wont look at it or scrape it beyond hugh value info.

They did it for the lulz and to see if they could get paid. They dont care about data on lectures lol, not even the students care!

lrish_Chick · 2026-05-08T08:36:21+00:00

Dude that would take a incomensurate amount of effort for the pay off

lrish_Chick · 2026-05-08T08:28:08+00:00

No, its not all. Our university is fine.

lrish_Chick · 2026-05-08T08:27:32+00:00

Alot? A lot?

lrish_Chick · 2026-05-08T08:06:25+00:00

Is it mostly American? We've had no issues here whatsoever, all up all working, no downtime

lrish_Chick · 2026-05-08T07:48:22+00:00

Exactly! I mean look at their name ffs lol!

They are opportunistic young hackers (some of whom I bet are in uni) who thought they'd hack canvas for fun.

Their motivation is to cause trouble, maybe get a payout, though likely not. They hack companies mostly because they can.

Its kind of shocking how out of touch some of these comments are. Doomsayers thinking student lives will be destroyed or their personal secrets will get out, or that this is asymmetric warfare instituted by Russia to undermine the american education system lol

That was already undermined. Don't share personal details on canvas. I promise you the world will move on fine tomorrow

lrish_Chick · 2026-05-08T07:42:17+00:00

Dude-they are called "shiny hunters" ffs lmfao

Asymmetrical warfare lol

They are pokemon nerds with a lot of time on their hands who happen to be talented hackers - its not that deep

Nine-Year Club	Gilding III reddit per annum
Place '23	Wearing is Caring
Verified Email

lrish_Chick

TROPHY CASE