McGraw-Hill disclosed that hackers exploited a misconfigured Salesforce instance to access internal data, following an extortion threat. The education company confirmed the breach to BleepingComputer.
McGraw-Hill has confirmed a data breach stemming from a Salesforce misconfiguration that allowed unauthorized access to internal systems. The disclosure came after hackers threatened to extort the company and made public their claims of accessing sensitive data.
According to the statement provided to BleepingComputer, threat actors exploited improper security settings on a Salesforce deployment to gain entry to McGraw-Hill's network. The misconfiguration left systems exposed without adequate access controls, enabling attackers to retrieve internal information.
Salesforce misconfigurations have become a recurring vulnerability in enterprise environments. Common issues include overly permissive access policies, exposed API keys, and inadequate authentication settings. Organizations using Salesforce must regularly audit their configurations and enforce principle of least privilege access.
The incident adds McGraw-Hill to a growing list of major companies affected by cloud infrastructure misconfigurations. Similar breaches have impacted financial institutions, healthcare providers, and tech companies in recent years.
McGraw-Hill is a major educational publishing and technology company serving schools and universities globally. The scope of the breach and specific data accessed have not been fully disclosed.
The company has not yet released comprehensive details about remediation efforts, affected users, or whether external investigation is underway. Customers and users should monitor official communications for guidance on potential exposure.
This incident underscores the importance of cloud security fundamentals. Organizations must implement regular configuration audits, enforce strong access controls, enable multi-factor authentication, and monitor for suspicious activity. Third-party assessments and penetration testing can identify exposed configurations before attackers exploit them.
McGraw-Hill's confirmation comes as regulators and security experts continue emphasizing the need for stronger cloud security practices across sectors relying on platforms like Salesforce, AWS, and Azure.
A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.
Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.
A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.
Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.