McGraw-Hill disclosed that hackers exploited a misconfigured Salesforce instance to access internal data, following an extortion threat. The education company confirmed the breach to BleepingComputer.
McGraw-Hill has confirmed a data breach stemming from a Salesforce misconfiguration that allowed unauthorized access to internal systems. The disclosure came after hackers threatened to extort the company and made public their claims of accessing sensitive data.
According to the statement provided to BleepingComputer, threat actors exploited improper security settings on a Salesforce deployment to gain entry to McGraw-Hill's network. The misconfiguration left systems exposed without adequate access controls, enabling attackers to retrieve internal information.
Salesforce misconfigurations have become a recurring vulnerability in enterprise environments. Common issues include overly permissive access policies, exposed API keys, and inadequate authentication settings. Organizations using Salesforce must regularly audit their configurations and enforce principle of least privilege access.
The incident adds McGraw-Hill to a growing list of major companies affected by cloud infrastructure misconfigurations. Similar breaches have impacted financial institutions, healthcare providers, and tech companies in recent years.
McGraw-Hill is a major educational publishing and technology company serving schools and universities globally. The scope of the breach and specific data accessed have not been fully disclosed.
The company has not yet released comprehensive details about remediation efforts, affected users, or whether external investigation is underway. Customers and users should monitor official communications for guidance on potential exposure.
This incident underscores the importance of cloud security fundamentals. Organizations must implement regular configuration audits, enforce strong access controls, enable multi-factor authentication, and monitor for suspicious activity. Third-party assessments and penetration testing can identify exposed configurations before attackers exploit them.
McGraw-Hill's confirmation comes as regulators and security experts continue emphasizing the need for stronger cloud security practices across sectors relying on platforms like Salesforce, AWS, and Azure.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.