Data breach at edtech giant McGraw Hill affects 13.5 million accounts

Educational publishing giant McGraw-Hill has confirmed a significant data breach after cybercriminal group ShinyHunters gained access to sensitive information through a misconfigured Salesforce environment.
According to reports, the attackers initially demanded a ransom and claimed to have stolen around 45 million records. When negotiations reportedly failed, the group released more than 100 GB of data online, exposing a large volume of customer information.
The leaked dataset included approximately 13.5 million unique email addresses, along with names, phone numbers, and physical addresses associated with some records. While McGraw-Hill acknowledged the incident, the company stated that the unauthorized access was limited to a specific Salesforce-hosted webpage and did not affect its core Salesforce accounts, internal systems, customer databases, or educational platforms.
Cybersecurity experts note that Salesforce misconfigurations have become an increasingly common target for threat actors. In this case, a webpage was reportedly configured in a way that allowed unauthorized access to sensitive data without proper authentication controls.
Although the company’s primary systems were not compromised, the exposure of personal information creates potential risks for affected individuals. Attackers may use the leaked details to launch phishing campaigns, identity theft attempts, or highly targeted social engineering attacks.

The incident serves as another reminder that even a small configuration error can have serious consequences, especially for organizations responsible for protecting the data of millions of students, educators, and customers worldwide.