CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Salesforce misconfiguration leads to non-sensitive data exposure at McGraw-Hill amid ShinyHunters extortion claims

First reported
Last updated
1 unique sources, 2 articles

Summary

Hide ▲

McGraw-Hill confirmed a data breach affecting 13.5 million user accounts after ShinyHunters exploited a Salesforce environment misconfiguration to steal and leak non-sensitive data, including names, addresses, phone numbers, and email addresses. The company stated the breach did not impact its core Salesforce accounts, customer databases, courseware, or internal systems, though ShinyHunters claimed possession of 45 million records with PII. The affected webpages were secured promptly, and McGraw-Hill is collaborating with Salesforce to remediate the issue. Have I Been Pwned verified the leak of over 100GB of data tied to 13.5 million accounts. The incident remains distinct from a separate, unverified claim by a threat actor posing as ShinyHunters, who alleges breaching Vercel and selling stolen data, including API keys and employee records. Vercel has disclosed the incident and is investigating with law enforcement and incident response experts, while denying any impact to services.

Timeline

  1. 14.04.2026 21:07 2 articles · 5d ago

    McGraw-Hill discloses Salesforce misconfiguration-driven data exposure amid ShinyHunters extortion claim

    McGraw-Hill confirmed the unauthorized access to its Salesforce-hosted data was exploited by ShinyHunters, who subsequently leaked data from 13.5 million user accounts, including names, physical addresses, phone numbers, and email addresses. The company reiterated that the breach did not impact core systems but acknowledged the broader Salesforce misconfiguration affecting multiple organizations. Have I Been Pwned verified the leak of over 100GB of compromised data.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Rockstar Games analytics data exfiltrated via third-party Snowflake compromise linked to Anodot breach

The extortion group ShinyHunters leaked approximately 78.6 million records of Rockstar Games’ internal analytics data, asserting the data was exfiltrated from Snowflake environments using authentication tokens stolen during a recent breach at Anodot, a data anomaly detection provider. The compromised datasets reportedly include in-game revenue metrics, player behavior tracking, and game economy data for Grand Theft Auto Online and Red Dead Online, as well as customer support analytics from Zendesk. Rockstar Games acknowledged a limited, non-material data breach tied to the third-party incident, stating no impact on its operations or players.

Open in new tab

CarGurus data breach exposes 12.4 million records

The ShinyHunters extortion group has leaked personal information from 12.4 million CarGurus accounts. The data includes email addresses, phone numbers, physical addresses, and financial application details. CarGurus has not confirmed the breach, but HaveIBeenPwned (HIBP) has verified the dataset, noting that 3.7 million records are new. The leaked data could be used for phishing attacks. CarGurus is a U.S.-based digital auto platform with an estimated 40 million monthly visitors. The breach follows a pattern of similar attacks by ShinyHunters, who often use social engineering to gain access to SaaS platforms like Salesforce and Microsoft 365.

Open in new tab

Optimizely Data Breach After Vishing Attack

An ongoing wave of vishing-led breaches attributed to ShinyHunters has claimed a new victim: Aura, a digital safety firm. The attack exposed contact details of nearly 900,000 individuals, stemming from a marketing tool inherited in a 2021 acquisition. ShinyHunters claimed the theft of 12GB of files containing PII and corporate data, releasing it after failed extortion attempts. The company emphasized no SSNs, passwords, or financial data were compromised and is conducting an internal review with law enforcement involvement. Earlier in February, Optimizely disclosed a similar breach following a voice phishing attack that compromised basic business contact information. Both incidents underscore the continued exploitation of vishing tactics by ShinyHunters to gain initial access to organizations, with impacts focused on contact data rather than deeper system compromise.

Open in new tab

Figure Fintech Breach Exposes 967,200 Accounts via Social Engineering

Figure Technology Solutions, a blockchain-based fintech firm, suffered a data breach affecting nearly 1 million accounts. Hackers stole personal and contact information through a social engineering attack. The breach was attributed to the ShinyHunters extortion group, which leaked 2.5GB of data from loan applicants. The attackers impersonated IT support to trick employees into providing access to SSO accounts, gaining entry to various enterprise applications.

Open in new tab

Discord User Data Compromised in Third-Party Breach

Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.

Open in new tab