Earlier this month, hackers linked to the ShinyHunters group altered Canvas login portals at multiple schools by injecting content that displayed an extortion message. Canvas was taken offline to contain the issue and investigate.
Exposed data may include names, email addresses, student IDs, and user messages. No financial information or passwords were confirmed stolen. Instructure, the makers of Canvas, recently agreed to pay the ransom.
How You Can Reduce Your Risk
This incident shows how one vendor issue can disrupt many organizations at once. Organizations are increasingly relying on cloud-based SaaS products, then outsourcing security concerns to those providers. But even when the hackers get your vendors instead of you, your users, your systems, and your data all become the next target.
In this case, security teams noted an uptick in scam emails sent to Canvas’s affected customers. Organizations that rely heavily on cloud apps and Single Sign On (SSO) are particularly vulnerable to these types of vendor attacks.
You can’t always control what your vendors do, but you can reduce risk in your organization. Here’s how:
- Turn on MFA for admins and all high-access roles across every cloud tool.
- Review SSO settings and remove old integrations you no longer use.
- Rotate API keys and tokens for connected apps that touch sensitive data.
- Train teams to avoid “urgent payment” messages and face maintenance screens.
LeeShanok Network Solutions Helps You Stay Ahead
Cloud attacks move fast, so defenses must stay ready every day. LeeShanok Network Solutions hardens cloud logins with MFA, conditional access, and least privilege. We also review Saas integrations and set alerts for risky sign-ins. Our phishing training helps your staff spot the follow-up scams that usually come next.