
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month.
Founded in 1909, McGraw Hill is a leading global educational publisher with annual revenue of $2.2 billion, which provides education content and solutions for PreK–12, higher education, and professional learning.
The company confirmed ShinyHunters' breach claims in a statement shared with BleepingComputer on Tuesday, saying the threat actors exploited a misconfiguration in the compromised Salesforce environment and that the incident did not impact its Salesforce accounts, courseware, customer databases, or internal systems.
“McGraw-Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform. This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce,” a McGraw-Hill spokesperson told BleepingComputer.
This came after ShinyHunters added the company to the group's dark web leak site, claiming to have stolen 45 million Salesforce records containing personally identifiable information (PII) and threatening to leak the allegedly stolen documents online unless a ransom is paid.

While McGraw Hill has yet to share how many individuals were affected by the resulting data breach, data breach notification service Have I Been Pwned says ShinyHunters has now leaked over 100GB of files containing data linked to 13.5 million accounts.
The exposed information includes names, physical addresses, phone numbers, and email addresses, which threat actors could use to target McGraw Hill customers in spear-phishing attacks.
“In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed ‘a limited set of data from a webpage hosted by Salesforce on its platform’,” Have I Been Pwned said today.
“More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing unevenly across some records.”
This week, ShinyHunters has also started leaking data stolen after breaching the Snowflake environment of American video game publisher Rockstar Games. The stolen data includes internal analytics used to monitor Rockstar's online services and support tickets, as well as in-game revenue and purchase metrics, player behavior tracking, and game economy data for Red Dead Online and Grand Theft Auto Online.
In recent months, the extortion gang was also behind security breaches affecting the European Commission, Infinite Campus, Hims & Hers, Telus Digital, Wynn Resorts, CarGurus, Panera Bread, SoundCloud, and dating giant Match Group.



