Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Education

littlemissmartypants

(34,006 posts) Thu Apr 16, 2026, 08:08 AM 21 hrs ago

Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed

Publisher claims misconfigured Salesforce-hosted page leaked data

Thu 16 Apr 2026

Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.

Have I Been Pwned says the breach exposed names, phone numbers, email addresses, and some physical addresses. McGraw Hill described the source as a "limited" Salesforce-hosted webpage – though the data now circulating publicly tops 100 GB and covers 13.5 million email addresses.

Most Salesforce compromises don't stem from flaws in Salesforce itself, but from stolen credentials, abused OAuth apps, or over-permissioned integrations that give attackers legitimate access to quietly pull data.

The breach surfaced earlier this week when the ShinyHunters crew added McGraw Hill to its dark web leak site alongside other victims, including Rockstar Games. The listing, seen by The Register, says the group has "over 40M Salesforce records containing PII data" and accuses the company of failing to pay a ransom before an April 14 deadline.
...
https://www.theregister.com/2026/04/16/mcgraw_hill_salesforce/