CATEGORIES
home News

McGraw Hill Data Breach Exposes 13.5 Million Accounts In Salesforce Attack

by Zak KillianThursday, April 16, 2026, 02:30 PM EDT
Educational publishing giant McGraw Hill has confirmed a massive data leak, resulting in roughly 13.5 million user accounts being exposed online. The breach, which materialized earlier this month (April 2026), stemmed from a misconfiguration in a third-party environment hosted by Salesforce. The notorious extortion group ShinyHunters has claimed responsibility, initially threatening to drop a whopping 45 million records if a ransom wasn't met. When negotiations evidently broke down, the group followed through, dumping over 100GB of data.

McGraw Hill was quick to emphasize that its core internal systems, main customer databases, and proprietary courseware remain uncompromised. The company stated the unauthorized access was limited to a specific webpage hosted on the Salesforce platform; this is reportedly the very same misconfiguration issue that has impacted multiple other organizations using the service.

However, the collateral damage is still substantial. According to security watchdogs Have I Been Pwned, the 100GB leak contains 13.5 million unique email addresses. Depending on the specific record, the data also irregularly includes full names, physical addresses, and phone numbers. Fortunately, the most sensitive data like Social Security numbers, financial info, and student academic records were not caught in the crossfire.

mcgraw hill hack
The name "ShinyHunters" is of course a reference to Pokémon.

ShinyHunters has been incredibly active this year, with this attack following their recent high-profile breaches on the European Commission, Match Group, and Rockstar Games. Besides those, other sites nailed by the extortion group include Allianz Life, Panera Bread, SoundCloud, Telus Digital, Wynn Resorts, and still more.

This incident is a textbook example of why third-party integrations and the software supply chain are keeping security teams awake at night. Though no passwords or financial data were dropped, 13.5 million fresh combinations of emails, names, and phone numbers is an absolute goldmine for targeted spear-phishing campaigns, credential stuffing, and identity fraud.

You can have the most locked-down internal network in the world, but if a SaaS environment is left misconfigured, your users are still the ones who pay the price. As enterprises continue to lean heavily on cloud platforms, the shared responsibility model needs serious vigilance, because "it wasn't our main server" is cold comfort to the millions of people about to see a massive spike in scam texts with their real names and addresses.

Top image: "McGraw-Hill Ed Sign 2" by Sixflashphoto used under CC BY-SA 4.0.
Tags:  cybersecurity, shinyhunters, mcgraw-hill
Zak Killian

Zak Killian

A 30-year PC building veteran, Zak is a modern-day Renaissance man who may not be an expert on anything, but knows just a little about nearly everything.
TOP STORIES
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy Policy

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy Policy - Copyright Notice - Terms Of Use