The Canvas breach proved that prevention is no longer enough

This report analyzes the ShinyHunters breach of Instructure’s Canvas, where attackers used compromised Free‑For‑Teacher accounts to move laterally, exfiltrate ~3.65 TB of data from roughly 275 million users, deface hundreds of school login pages, force outages during exams, and extract a ransom; it argues the incident exposes systemic SaaS risk from concentrated data, weak identity controls, insufficient data-level cryptography, and the long-lived value of stolen data.