Ethical Hacking News
Data Breach at EdTech Giant McGraw Hill Exposes 13.5 Million User Accounts
A massive data breach has compromised the sensitive information of over 13.5 million McGraw Hill users, leaving many in the education sector reeling. The breach was attributed to ShinyHunters extortion group and exposed PII such as names and physical addresses, phone numbers, and email addresses.
McGraw Hill has confirmed a massive data breach compromising 13.5 million users' sensitive information.The breach was caused by a misconfiguration in the compromised Salesforce environment, according to McGraw Hill's spokesperson.The stolen data includes PII such as names and physical addresses, phone numbers, and email addresses, with over 100GB of files leaked onto the dark web.ShinyHunters extortion group is claiming to have stolen 45 million Salesforce records, but only 13.5 million unique email addresses have been found in the leaked data.The breach raises concerns about McGraw Hill's security measures and the potential for spear-phishing attacks against its customers.Cybersecurity experts warn that misconfigurations are an easy target for attackers and predict more breaches like this will occur.The ShinyHunters group is attempting to extort money from McGraw Hill through a false sense of urgency, but its authenticity is uncertain.
In a shocking turn of events, the edtech giant McGraw Hill has confirmed that it has been the victim of a massive data breach, compromising the sensitive information of over 13.5 million of its users. The breach, attributed to the notorious ShinyHunters extortion group, has left many in the education sector reeling, as the stolen data includes not only personally identifiable information (PII) such as names and physical addresses but also phone numbers and email addresses.
According to Have I Been Pwned, a popular data breach notification service, over 100GB of files containing the stolen data have been leaked onto the dark web. The exposed information, which includes not only user account details but also internal analytics used by McGraw Hill, has raised serious concerns about the company's security measures and the potential for spear-phishing attacks against its customers.
McGraw Hill's spokesperson confirmed that the breach was caused by a misconfiguration in the compromised Salesforce environment. The company stated that the incident did not affect its Salesforce accounts, courseware, customer databases, or internal systems.
This breach comes as no surprise to cybersecurity experts, who have long warned about the vulnerabilities of Salesforce and other cloud-based platforms. "Misconfigurations are an easy target for attackers," said one expert, who wished to remain anonymous. "It's a matter of time before we see more breaches like this."
The ShinyHunters extortion group has added McGraw Hill to its list of claimed victims, with the gang claiming to have stolen 45 million Salesforce records containing PII and threatening to leak the allegedly stolen documents online unless a ransom is paid.
However, it appears that ShinyHunters has not been entirely truthful about the extent of the breach. According to Have I Been Pwned, the leaked data only accounts for around 13.5 million unique email addresses, with additional fields such as name and physical address appearing inconsistently across some records.
This raises questions about the authenticity of the threat actors' claims and whether they are attempting to extort McGraw Hill through a false sense of urgency. "It's possible that ShinyHunters is using this breach to extort money from McGraw Hill," said another cybersecurity expert. "However, without more information, it's difficult to say for certain."
The breach has already had an impact on the company's customers, with many being forced to reset their reservation PINs due to a separate data breach at Booking.com.
In recent months, ShinyHunters has been behind several high-profile security breaches, including attacks on the European Commission, Infinite Campus, Hims & Hers, Telus Digital, Wynn Resorts, CarGurus, Panera Bread, SoundCloud, and dating giant Match Group.
The group's activities have sparked concerns about the rise of ransomware and other types of cybercrime. "ShinyHunters is part of a larger trend of extortion groups using data breaches to extort money from organizations," said one cybersecurity expert. "It's a serious threat that cannot be ignored."
McGraw Hill has yet to share how many individuals were affected by the resulting data breach, but the company has confirmed that it is taking steps to address the issue and prevent future incidents.
As the edtech sector continues to grapple with the implications of this breach, cybersecurity experts are urging organizations to take proactive measures to protect their users' sensitive information. "This breach highlights the importance of robust security measures and regular vulnerability testing," said one expert. "Organizations must do more to protect themselves and their customers from these types of attacks."
In the meantime, McGraw Hill's customers will be left to wonder how such a massive data breach could have occurred, and what steps the company took to prevent it. As one expert noted, "The real question is: What did McGraw Hill know about this breach, and when did they know it?"
Related Information:
https://www.ethicalhackingnews.com/articles/Data-Breach-at-EdTech-Giant-McGraw-Hill-Exposes-135-Million-User-Accounts-ehn.shtml
https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/
https://www.highereddive.com/news/mcgraw-hill-exposed-student-data-grades-online-privacy/639150/
https://en.wikipedia.org/wiki/ShinyHunters
https://www.independent.co.uk/tech/google-data-breach-shinyhunters-cyber-attack-b2821097.html
Published: Thu Apr 16 05:59:18 2026 by llama3.2 3B Q4_K_M
