The ShinyHunters extortion group leaked data tied to 13.5 million McGraw Hill user accounts after exploiting a misconfiguration in a Salesforce-hosted webpage. Over 100GB of files containing names, addresses, phone numbers, and email addresses were published, and the group has also targeted Rockstar Gamesβ Snowflake environment and other organizations. #ShinyHunters #McGrawHill #Salesforce #RockstarGames #Snowflake
Keypoints
- ShinyHunters claims to have stolen data from McGraw Hill via a misconfigured Salesforce webpage.
- Have I Been Pwned reports more than 100GB of leaked files tied to 13.5 million unique email addresses.
- Exposed fields include names, physical addresses, phone numbers, and email addresses that could enable spear-phishing.
- McGraw Hill confirmed unauthorized access but said its core systems, courseware, and customer databases were not affected.
- The extortion group also leaked data from Rockstar Gamesβ Snowflake breach and has targeted numerous other organizations recently.