The ShinyHunters extortion group has leaked knowledge from 13.5 million McGraw Hill person accounts, stolen after breaching the corporate’s Salesforce atmosphere earlier this month.
Based in 1909, McGraw Hill is a number one international instructional writer with annual income of $2.2 billion, which offers training content material and options for PreK–12, increased training, {and professional} studying.
The corporate confirmed ShinyHunters’ breach claims in a press release shared with BleepingComputer on Tuesday, saying the risk actors exploited a misconfiguration within the compromised Salesforce atmosphere and that the incident did not have an effect on its Salesforce accounts, courseware, buyer databases, or inside programs.
“McGraw-Hill lately recognized unauthorized entry to a restricted set of information from a webpage hosted by Salesforce on its platform. This exercise seems to be a part of a broader situation involving a misconfiguration inside Salesforce’s atmosphere that has impacted a number of organizations that work with Salesforce,” a McGraw-Hill spokesperson advised BleepingComputer.
This got here after ShinyHunters added the corporate to the gang’s darkish internet leak website, claiming to have stolen 45 million Salesforce information containing personally identifiable data (PII) and threatening to leak the allegedly stolen paperwork on-line until a ransom is paid.
Whereas McGraw Hill has but to share what number of people have been affected by the ensuing data breach, data breach notification service Have I Been Pwned says ShinyHunters has now leaked over 100GB of information containing knowledge linked to 13.5 million accounts.
The uncovered data contains names, bodily addresses, telephone numbers, and electronic mail addresses, which risk actors may use to focus on McGraw Hill prospects in spear-phishing assaults.
“In April 2026, training firm McGraw Hill confirmed a data breach following an extortion try. Attributed to a Salesforce misconfiguration, the corporate acknowledged the incident uncovered ‘a restricted set of information from a webpage hosted by Salesforce on its platform’,” Have I Been Pwned mentioned right this moment.
“Greater than 100GB of information was later publicly distributed, containing 13.5M distinctive electronic mail addresses throughout a number of information, with further fields equivalent to title, bodily handle and telephone quantity showing inconsistently throughout some information.”
This week, ShinyHunters has additionally began leaking knowledge stolen after breaching the Snowflake atmosphere of American online game writer Rockstar Video games. The stolen knowledge contains inside analytics used to observe Rockstar’s on-line companies and help tickets, in addition to in-game income and buy metrics, participant conduct monitoring, and sport financial system knowledge for Crimson Useless On-line and Grand Theft Auto On-line.
In current months, the extortion gang was additionally behind security breaches affecting the European Fee, Infinite Campus, Hims & Hers, Telus Digital, Wynn Resorts, CarGurus, Panera Bread, SoundCloud, and courting large Match Group.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, reveals the place protection ends, and offers practitioners with three diagnostic questions for any instrument analysis.
