- ShinyHunters add McGraw Hill to data leak site, demand ransom by April 14 2026
- Group claims 45 million Salesforce records stolen, contradicting company’s “limited data” statement
- McGraw Hill says misconfiguration in Salesforce led to exposure, no SSNs, financial, or student data compromised
American education science company McGraw Hill has confirmed suffering a data breach and losing sensitive internal data after the infamous ransomware collective ShinyHunters added it to its data leak website.
In a statement shared with BleepingComputer, the company said the incident was not the result of a breach of its systems, but rather an exploitation of a misconfiguration:
“McGraw Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform,” the company said. “This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce.”
Article continues below
ShinyHunters’ activity
The company further stressed that the incident did not involve unauthorized access to its Salesforce accounts, customer databases, courseware, or internal systems. Social Security numbers (SSN), financial account information, or student data generated by educational platforms, have not been compromised.
A few days prior, the ShinyHunters ransomware group added McGraw Hill to its data leak website, and said it had until April 14 2026 to pay a ransom demand, or see the stolen data leak to the dark web.
It claims to have stolen 45 million Salesforce records with personally identifiable information (PII), which contradicts McGraw Hill’s assessment that the data is of little significance.
ShinyHunters is currently among the most active threat actors out there. It started as a ransomware player but quickly stopped deploying encryptors and focused entirely on data exfiltration and extortion.
A few weeks ago, it broke into an analytics company Anodot, through which it accessed Snowflake accounts belonging to more than a dozen companies. It exfiltrated most of the data found there and is currently extorting the victims. At the same time, it published 78.6 million records stolen from game development behemoth Rockstar Games even before the deadline expired.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/GPVivWoddyTxbPfsFjVfFe-2560-80.jpg
Source link
