McGraw-Hill has confirmed that hackers accessed a limited set of company data following a misconfiguration within Salesforce's environment. The education publishing giant discovered the breach after the extortion group ShinyHunters claimed responsibility for the attack.
A spokesperson for McGraw-Hill told BleepingComputer that the unauthorized access involved a webpage hosted by Salesforce. The company stated the breach was part of a broader issue affecting multiple organizations using the Salesforce platform.
“Importantly, this did not involve unauthorized access to McGraw-Hill’s Salesforce accounts, customer databases, courseware, or internal systems,” the representative added.
Discrepancies in data scope
While the company maintains the exposed information is non-sensitive, the threat actors present a different narrative. The ShinyHunters group posted on its dark-web portal that it holds 45 million Salesforce records containing personally identifiable information (PII).
The hackers threatened to leak the stolen data by April 14 if a ransom is not paid. McGraw-Hill's investigation, conducted alongside external cybersecurity experts, found no evidence of stolen Social Security numbers, financial account information, or student data.
McGraw-Hill reported that it secured the affected webpages immediately upon detecting the unauthorized activity. The company is currently working with Salesforce to strengthen its protections and resolve the underlying configuration issue.
ShinyHunters has been active in several high-profile breaches this year. The group has targeted companies including Rockstar Games, Panera Bread, and Canada Goose, as well as the American firm Infinite Campus.
