Student at an impacted university here.

Our whole testing center is down. This is inconvenient, but mainly it's amusing. I swear strangers are talking to each other more. I'm noticing people just sitting in the sun and relaxing. Nature is healing.

(Of course, plenty of people have also just finished their exams, so it's hard to know the cause.)

Any idea what data Instructure-and-also-now-ShinyHunters even purport to have beyond names, profile photos, pronouns, homework assignments, school communications, phone numbers, and email addresses?

i.e. What makes this threat so different from what any old data brokers have already scraped?

What leverage besides aura farming do the ShinyHunters really have?

All I can think of that's really valuable is passwords. And private communications in Canvas DMs. But if you're being at all intimate over your school email, that's kinda on you.

Anyway surely Instructure only stores user public keys or something?

Alternate history question: If they just sold the data, never revealed the hack, and didn't make a scene, from a customer perspective, how different would this be from business as usual?