top of page
perceptive_background_267k.jpg

Data breach at edtech giant McGraw Hill affects 13.5 million accounts

Published:

16 april 2026 om 10:35:09

Alert date:

16 april 2026 om 11:01:14

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Data Breach & Exfiltration, Cloud & Virtualization, Enterprise Applications

The ShinyHunters extortion group breached McGraw Hill's Salesforce environment and leaked data from 13.5 million user accounts. This represents a significant data breach affecting a major educational technology company, exposing sensitive information of millions of users including students and educators. The breach demonstrates the continued threat posed by extortion groups targeting large organizations through cloud platform vulnerabilities.

Technical details

ShinyHunters exploited a misconfiguration in McGraw Hill's Salesforce environment to steal data from 13.5 million user accounts. The attack was part of a broader Salesforce misconfiguration issue affecting multiple organizations. The breach exposed over 100GB of data containing names, physical addresses, phone numbers, and email addresses. The incident did not affect McGraw Hill's internal Salesforce accounts, courseware, customer databases, or internal systems.

Mitigation steps:

Organizations using Salesforce should review their configurations to prevent similar misconfigurations. Users should be aware of potential spear-phishing attacks using the exposed personal information including names, addresses, phone numbers, and email addresses.

Affected products:

McGraw Hill Salesforce environment
Salesforce platform

Related links:

https://www.bleepingcomputer.com/news/security/mcgraw-hill-confirms-data-breach-following-extortion-threat/
https://haveibeenpwned.com/Breach/McGrawHill
https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/
https://www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/
https://www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/
https://www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/
https://www.bleepingcomputer.com/news/security/telus-digital-confirms-breach-after-hacker-claims-1-petabyte-data-theft/
https://www.bleepingcomputer.com/news/security/wynn-resorts-confirms-employee-data-breach-after-extortion-threat/
https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
https://www.bleepingcomputer.com/news/security/panera-bread-data-breach-impacts-51-million-accounts-not-14-million-customers/
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/
https://www.bleepingcomputer.com/news/security/match-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page