Following being listed as a victim by the ShinyHunters cyber extortion group, educational publishing giant McGraw Hill has confirmed the hackers were able to access its Salesforce database.
“McGraw Hill recently identified unauthorised access to a limited set of data from a webpage hosted by Salesforce on its platform,” McGraw Hill said in a widely reported statement.
“This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organisations that work with Salesforce.”
McGraw Hill added, however, that the incident did not involve access to its “Salesforce accounts, customer databases, courseware, or internal systems”.
“Upon discovery, we took immediate action to secure the affected webpages and initiated an investigation with the support of cybersecurity experts,” McGraw Hill said.
“Based on our review, the data involved is limited in scope and consists of non-sensitive information. The data does not contain sensitive information such as Social Security numbers, financial account information, or student data from our educational platforms.”
McGraw Hill has a significant presence in Australia and New Zealand. However, when asked by Cyber Daily if the incident impacted any Australian data, the company shared the same statement it had released globally.
What happened?
McGraw Hill was one of several companies listed by ShinyHunters earlier this month, including GTA developer Rockstar Games, with the hackers threatening each one to pay a ransom demand or have its data leaked.
“Over 45M Salesforce records containing PII data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way,” ShinyHunters said in an April 12 leak post.
“Make the right decision, don't be the next headline.”
While the hackers claim the breach impacted 45 million records, a dataset subsequently added to Have I Been Pwned’s database featured only 13.5 million unique email addresses.
“More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records,” Have I Been Pwned said in an April 16 site update.
While it appears that ShinyHunters was true to its word and has published at least some of the data it alleged to have stolen, all of its leak sites are currently offline.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.