Overview
- ShinyHunters posted more than 100GB of files tied to about 13.5 million McGraw Hill accounts, according to breach tracker Have I Been Pwned.
- McGraw Hill says attackers accessed data from a single webpage hosted on Salesforce that was left open by a configuration mistake.
- The company says no customer databases, courseware, Salesforce accounts, or internal systems were accessed in the incident.
- The leaked files include email addresses, names, and in some cases phone numbers or physical addresses, which could drive targeted phishing against students and educators.
- The group listed the publisher on its leak site and claimed tens of millions of Salesforce records, highlighting a wider trend of criminals exploiting cloud and SaaS integrations rather than breaching core systems.