McGraw Hill Data Breach Impacts 13.5 Million Users

Summary
– The ShinyHunters extortion group leaked data from 13.5 million McGraw Hill user accounts after a breach.
– McGraw Hill confirmed the breach resulted from a misconfiguration in its Salesforce environment, not affecting its core systems.
– The leaked data includes names, addresses, phone numbers, and email addresses, posing a spear-phishing risk.
– ShinyHunters had threatened to leak the data unless a ransom was paid, after claiming to have stolen 45 million records.
– The same group recently leaked data from a Snowflake breach at Rockstar Games and has been linked to breaches at multiple other major organizations.

A significant data breach impacting a major educational publisher has exposed the personal information of millions. The ShinyHunters extortion group has publicly leaked data tied to 13.5 million user accounts belonging to McGraw Hill. Earlier this month, the cybercriminals gained access by exploiting a misconfiguration in a Salesforce environment used by the company.
McGraw Hill, a global education firm founded in 1909 with $2.2 billion in annual revenue, confirmed the incident. In a statement, a company spokesperson attributed the unauthorized access to a broader issue with Salesforce’s platform configuration, noting it affected multiple organizations. The company emphasized that its core Salesforce accounts, customer databases, and internal systems were not compromised.
The leak followed a ransom threat from ShinyHunters, who had listed McGraw Hill on their dark web site. The group initially claimed possession of 45 million records containing personally identifiable information (PII) and demanded payment to prevent publication. According to the data breach notification service Have I Been Pwned, the gang ultimately released over 100 GB of files containing the data.
The exposed information includes names, physical addresses, phone numbers, and email addresses. This type of PII is highly valuable to threat actors, who can use it to craft targeted spear-phishing attacks against the affected individuals. Have I Been Pwned confirmed the dataset contains 13.5 million unique email addresses, with the additional personal data fields appearing inconsistently across the records.
This incident is part of a wider campaign by the prolific ShinyHunters group. Just this week, they also began leaking data stolen from the Snowflake environment of video game publisher Rockstar Games. That breach exposed internal analytics, support tickets, and detailed player metrics for popular online games. In recent months, the same threat actors have been linked to breaches at major organizations including the European Commission, Match Group, and Panera Bread, highlighting their continued focus on large-scale data theft and extortion.
(Source: BleepingComputer)




