On the Canvas hack, Alan Jacobs blogs that universities have become dependent on big platforms which are then appealing targets for hackers:

But universities that deploy these big platforms should realize that our data — that of professors and students — as only as safe as the companies’ security practices are sound. And companies like Instructure are so deeply embedded in American university life now that they think they can’t be rejected — no matter how gross their failure to maintain security. An exploit like this is therefore easily predictable.