Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed

Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.

Have I Been Pwned says the breach exposed names, phone numbers, email addresses, and some physical addresses. McGraw Hill described the source as a "limited" Salesforce-hosted webpage – though the data now circulating publicly tops 100 GB and covers 13.5 million email addresses.

Most Salesforce compromises don't stem from flaws in Salesforce itself, but from stolen credentials, abused OAuth apps, or over-permissioned integrations that give attackers legitimate access to quietly pull data.

The breach surfaced earlier this week when the ShinyHunters crew added McGraw Hill to its dark web leak site alongside other victims, including Rockstar Games. The listing, seen by The Register, says the group has "over 40M Salesforce records containing PII data" and accuses the company of failing to pay a ...