CP
cyberpings

McGraw-Hill Data Breach - Extortion Threat Confirmed

A data breach at McGraw-Hill has been confirmed after hackers exploited a Salesforce misconfiguration. The incident raises concerns about data security and extortion threats. McGraw-Hill is taking steps to secure its systems and protect user information.

BreachesHIGHUpdated: Published:
Featured image for McGraw-Hill Data Breach - Extortion Threat Confirmed

Original Reporting

BCBleepingComputer·Bill Toulas

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, hackers accessed some of McGraw-Hill's data and threatened to leak it unless paid.

What Happened

Education giant McGraw-Hill recently confirmed a data breach resulting from a misconfiguration in Salesforce. Hackers exploited this flaw, gaining access to internal data. The breach was publicly acknowledged after the notorious extortion group ShinyHunters claimed responsibility and threatened to leak the data unless a ransom was paid.

Who's Affected

While McGraw-Hill reassured stakeholders that its core systems, including Salesforce accounts and customer databases, remain secure, the incident has raised concerns among its users and partners. The company serves millions of students and educators worldwide, making any data breach a significant issue.

What Data Was Exposed

According to McGraw-Hill, the accessed data is limited and does not include Social Security numbers, financial information, or sensitive educational data. However, ShinyHunters claims to possess 45 million Salesforce records, which they allege contain personally identifiable information (PII). This contradiction has led to skepticism regarding the actual extent of the breach.

What You Should Do

For those connected to McGraw-Hill or using Salesforce, it’s crucial to remain vigilant. Here are a few steps to consider:

Containment

  • 1.Monitor your accounts for any unusual activity.
  • 2.Change passwords associated with your Salesforce accounts and any linked services.

Remediation

  • 3.Stay informed about updates from McGraw-Hill regarding the breach.
  • 4.Educate yourself on phishing tactics, as extortion groups often follow up breaches with targeted scams.

Immediate Actions Taken

Following the breach, McGraw-Hill took swift action to secure the affected webpages and engaged external cybersecurity experts to investigate the incident. They are also collaborating with Salesforce to enhance security measures and prevent future occurrences. This proactive approach is essential in maintaining user trust and safeguarding sensitive information.

Broader Context

This incident is part of a troubling trend, as ShinyHunters has been linked to several high-profile breaches in recent months, including attacks on major organizations like Rockstar Games and the European Commission. Their tactics highlight the increasing risks associated with misconfigurations in cloud services, which can expose companies to significant threats.

As the investigation continues, McGraw-Hill is committed to transparency and ensuring that their systems remain secure against such threats in the future.

🔒 Pro Insight

🔒 Pro insight: The discrepancy between McGraw-Hill's and ShinyHunters' claims underscores the complexities of data breach disclosures and the need for robust security audits.

BCBleepingComputer· Bill Toulas
Read Original

Share

Related Pings

Preview image for France's Digital Sovereignty Push Amidst Targeted Breaches
Breaches
HIGH

France's Digital Sovereignty Push Amidst Targeted Breaches

France is pushing for digital sovereignty as Booking.com confirms a breach. Adobe and SAP are also addressing critical vulnerabilities. This highlights the ongoing cybersecurity risks faced by organizations.

CWCyberWire Daily
Read PingRead Source
Preview image for RCI Hospitality Reports Data Breach - Contractor Data Exposed
Breaches
HIGH

RCI Hospitality Reports Data Breach - Contractor Data Exposed

RCI Hospitality has reported a data breach exposing sensitive contractor information due to a security flaw. This incident raises concerns about web security practices. The company assures that customer data remains safe.

SWSecurityWeek
Read PingRead Source
Breaches
HIGH

High Street Retailers Hit by Cyber Attacks - Chaos Ensues

UK retailers are facing major disruptions due to cyber attacks, leading to empty shelves and halted services. The chaos affects both customers and staff, raising serious cybersecurity concerns.

SMSmashing Security
Read PingRead Source
Breaches
HIGH

UK Legal Aid Hack Exposes Sensitive Data Amid Instagram Scams

A major UK legal aid hack has exposed sensitive data of vulnerable individuals. Additionally, Instagram scammers are hijacking accounts, raising serious concerns about online safety. Immediate action is needed to protect personal information.

SMSmashing Security
Read PingRead Source
Breaches
HIGH

Tea App Data Leak - 70K Private Images Exposed

The Tea app has leaked over 70,000 private images and chat logs, raising serious privacy concerns for its users. This breach highlights the need for better data protection in dating apps. Stay informed and take action to secure your data.

SMSmashing Security
Read PingRead Source
Breaches
HIGH

Burger King Hack - Ethical Hackers Expose Security Flaws

Ethical hackers found serious security flaws at Burger King, exposing drive-thru recordings and hard-coded passwords. Meanwhile, an AI engineer faces a lawsuit for stealing trade secrets. Stay informed about these alarming breaches and their implications for privacy and security.

SMSmashing Security
Read PingRead Source