< formatted article >

Breach Alert: McGraw Hill Exposes 13.5 Million User Files via Salesforce Misconfiguration

A Simple Mistake, a Massive Leak

In April, educational publisher McGraw Hill discovered a critical flaw in its online security—not the work of a sophisticated hacker, but a basic setup error. The mistake left 13.5 million user files stored on Salesforce exposed to the public internet. Within days, the hacker group ShinyHunters exploited the vulnerability, extracting and later leaking over 100 gigabytes of sensitive data to underscore their breach.

What Was Exposed?

The leaked dataset included:

• 13.5 million unique email addresses
• Names and street addresses for many users
• No Social Security numbers or bank details—but scammers don’t need them

With real names and addresses in hand, attackers now have everything required to craft highly personalized phishing emails and scam texts, making these attacks far more convincing than generic spam.

ShinyHunters: The Group Behind the Breach

This wasn’t ShinyHunters’ first high-profile hit. Before McGraw Hill, they targeted:

• The European Commission
• Match Group

Typically, extortion-focused hackers demand payment—but when negotiations collapsed, they publicly dumped the data, reinforcing a harsh truth: cybercriminals rarely honor promises.

A Wake-Up Call for Cloud Security

The incident highlights a harsh reality: outsourcing to SaaS providers doesn’t absolve companies of security responsibility. Even the strongest internal protections mean nothing if a third-party cloud app is misconfigured and left open to the internet.

Now, users who never clicked a malicious link face targeted scams using their real identities. The breach serves as a stark reminder: in cybersecurity, a single weak link can compromise millions.