Cybersecurity

McGraw Hill Data Breach Exposes 13.5 Million Accounts — ShinyHunters Exploits Salesforce Misconfiguration

Summary

Educational publishing giant McGraw Hill has confirmed a data breach affecting 13.5 million user accounts, after the ShinyHunters cybercriminal group leaked over 100GB of stolen data. The breach originated from a misconfiguration in McGraw Hill’s Salesforce environment, exposing names, physical addresses, phone numbers, and email addresses.

ShinyHunters initially claimed to have exfiltrated 45 million Salesforce records containing PII and threatened to release the data if a ransom was not paid by April 14, 2026. McGraw Hill has disputed the scale of the attackers’ claims, stating the incident affected a limited set of data from a Salesforce-hosted webpage and did not impact core courseware, customer databases, or internal systems.

Data breach notification service Have I Been Pwned confirmed the leaked dataset contains data linked to 13.5 million accounts. McGraw Hill has characterized the incident as part of a broader Salesforce misconfiguration issue affecting multiple organizations — with ShinyHunters reportedly exploiting similar access patterns across other targets in 2026.

Source

BleepingComputer · The Register · The Record

Commentary

This breach is a textbook case of third-party misconfiguration risk. McGraw Hill’s core systems weren’t breached — a Salesforce environment was. But to the 13.5 million people whose PII is now circulating, that distinction is academic. The exposed data is a spear-phishing goldmine, especially given the educational context — students, teachers, and administrators are high-value social engineering targets.

The broader pattern is more concerning: ShinyHunters has been systematically exploiting Salesforce environment misconfigurations across multiple organizations in 2026. This suggests either a common deployment antipattern or a platform-level issue that Salesforce needs to address more aggressively. If you’re running Salesforce, now would be an excellent time to audit your configuration.

Related Posts

You May Have Missed

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by