McGraw Hill Data Breach Exposes 13.5 Million Accounts In Salesforce Attack

Educational publishing giant McGraw Hill has confirmed a massive data leak, resulting in roughly 13.5 million user accounts being exposed online. The breach, which materialized earlier this month (April 2026), stemmed from a misconfiguration in a third-party environment hosted by Salesforce. The notorious extortion group ShinyHunters has claimed responsibility, initially threatening to drop a whopping 45 million records if a ransom wasn't met. When negotiations evidently broke down, the group followed through, dumping over 100GB of data.

McGraw Hill was quick to emphasize that its core internal systems, main customer databases, and proprietary courseware remain uncompromised. The company stated the unauthorized access was limited to a specific webpage hosted on the Salesforce platform; this is reportedly the very same misconfiguration issue that has impacted multiple other organizations using the service.

However, the collateral damage is still substantial. According to security watchdogs Have I Been Pwned, the 100GB leak ...