ShinyHunters breached Instructure’s Canvas platform twice in one week, stealing 3.65 terabytes of data from 275 million users and disrupting thousands of schools during final exams. The incident shows why SaaS security must focus on identity governance, blast-radius reduction, and cryptographic protections that limit the value of stolen data. #ShinyHunters #Instructure #Canvas #HouseHomelandSecurityCommittee
Keypoints
- ShinyHunters used compromised Free-For-Teacher accounts to enter Canvas.
- The attackers defaced login pages and forced the platform offline during exams.
- They stole 3.65 terabytes of data from about 275 million users.
- The breach exposed weaknesses in identity controls and SaaS access governance.
- Encryption, crypto-agility, and post-quantum readiness are now critical defenses.
Read More: https://cyberscoop.com/canvas-breach-saas-security-identity-governance-op-ed/