McGraw-Hill confirmed unauthorized access to a limited set of data hosted on a Salesforce webpage caused by a Salesforce platform misconfiguration that affected multiple organizations. The company says its Salesforce accounts, customer databases, courseware, internal systems, and sensitive information such as SSNs and student data were not compromised, while extortion group ShinyHunters claims a much larger cache of Salesforce records. #ShinyHunters #Salesforce
Keypoints
- Hackers accessed a limited set of data on a webpage hosted by Salesforce due to a platform misconfiguration.
- McGraw-Hill states its Salesforce accounts, customer databases, courseware, and internal systems were not accessed.
- Investigators found the exposed information did not include SSNs, financial account details, or student data.
- Extortion group ShinyHunters claims to hold millions of Salesforce records and threatened to leak data.
- McGraw-Hill secured the affected webpages and is working with Salesforce and external cybersecurity experts to address the issue.