The ShinyHunters extortion group has compromised 13.5 million user accounts from McGraw Hill's Salesforce environment, marking a significant breach for the educational publisher. McGraw Hill, a well-known provider of educational content with $2.2 billion in annual revenue, confirmed the breach. The attack exploited a misconfiguration in the Salesforce environment, but the company assured that its Salesforce accounts, courseware, customer databases, and internal systems remain unaffected.

McGraw Hill disclosed that unauthorized access was detected in a limited set of data hosted on Salesforce. The breach appears to be part of a larger issue with Salesforce's environment affecting various organizations. ShinyHunters, known for extortion activities, added McGraw Hill to its dark web leak site, claiming possession of 45 million Salesforce records. The gang demanded a ransom, threatening to leak the data online.

Although McGraw Hill has not specified the number of affected individuals, the data breach notification service Have I Been Pwned reports that over 100GB of data linked to 13.5 million accounts has been leaked. The compromised data includes names, physical addresses, phone numbers, and email addresses, potentially exposing customers to spear-phishing attacks.

In a recent development, ShinyHunters has also leaked data from other high-profile breaches, including Rockstar Games and several other companies. This string of incidents underscores the importance of robust cybersecurity measures for organizations relying heavily on cloud-based environments.