Signal

Data breach exposes 13.5 million McGraw Hill user accounts via Salesforce misconfiguration

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-16 10:35 UTCUpdated 2026-04-16 11:49 UTC

rss

data_breachextortion_groupcloud_securityincident_response

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed

The Register Security · News · go.theregister.com · 2026-04-16 11:49 UTC

Data breach at edtech giant McGraw Hill affects 13.5 million accounts

bleepingcomputer_all · News · bleepingcomputer.com · 2026-04-16 10:35 UTC

limited source diversity in top sources

View all evidence

Overview

Edtech giant McGraw Hill suffered a data breach impacting 13.5 million user accounts after a misconfigured Salesforce-hosted page was exploited. The ShinyHunters extortion group leaked the stolen data, which was obtained earlier this month.

Entities

McGraw HillSalesforceShinyHunters

Score total

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Data breach and data leak occurred recently, with stolen data publicly exposed this month.
McGraw Hill's inclusion on ransomware leak sites signals active exploitation attempts.
Raises awareness for organizations using Salesforce and similar platforms to review security configurations.

Why it matters

Highlights risks of cloud service misconfigurations in protecting sensitive user data.
Demonstrates the ongoing threat from extortion groups targeting large enterprises.
Emphasizes need for robust incident response and security hygiene in education technology sector.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Misconfigured Salesforce environment led to exposure of 13.5 million McGraw Hill user records
ShinyHunters extortion group leaked the stolen McGraw Hill data

How sources frame it

BleepingComputer: neutral

All evidence

Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed

The Register Security · go.theregister.com · 2026-04-16 11:49 UTC

Data breach at edtech giant McGraw Hill affects 13.5 million accounts

bleepingcomputer_all · bleepingcomputer.com · 2026-04-16 10:35 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

The Register Security (1)
bleepingcomputer_all (1)

Top origin domains (this list)

go.theregister.com (1)
bleepingcomputer.com (1)