Education giant McGraw-Hill has confirmed that hackers gained unauthorized access to a limited set of its data after exploiting a misconfiguration in Salesforce.
In a statement, McGraw-Hill explained that the breach involved a webpage hosted on Salesforce’s platform, not its core systems. The company stressed that its Salesforce accounts, customer databases, course materials, and internal systems were not accessed during the incident.
The company also said that an investigation carried out with external cybersecurity experts found that the exposed data was not sensitive. According to McGraw-Hill, the compromised information does not include Social Security numbers, financial details, or student data from its educational platforms.
The disclosure comes after the ShinyHunters extortion group listed McGraw-Hill on its dark web site, claiming to have stolen 45 million Salesforce records containing personal data. The group has threatened to release the information unless a ransom is paid, though this claim conflicts with McGraw-Hill’s statement that the exposed data is limited and not sensitive.
McGraw-Hill said it quickly secured the affected webpages after detecting the unauthorized activity and is now working with Salesforce to strengthen protections and prevent similar issues. The company added that steps are being taken to fully address the vulnerability.
ShinyHunters has been linked to several major cyberattacks this year, targeting organizations across different industries, including gaming, government, retail, and technology.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
