惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

The Register - Off-Prem: SaaS

Snowflake to burn $6B on AWS Graviton CPUs and AI accelerators Google Cloud suspended major customer Railway.com without cause, causing outage Anthropic comes for the midmarket software spend ServiceNow under siege as Atlassian adds to ITSM take-outs Survey: US workers are not keen on Microsoft's AI Service change takes down Microsoft Outlook for iOS Workday, Rippling, Slack lflunk data access test: Fivetran UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial The spaghettified DBMS chart that shows Oracle's crown is slowly slipping Atlassian’s new data collection policy protects rich customers while AI eats the rest Atlassian to train AI on user data unless law or cash say no UK told its Big Tech habit is now a national security risk How ServiceNow gets customers to gorge at the AI trough Salesforce is taking on ServiceNow in ITSM. The winner is AI Salesforce is taking on ServiceNow in ITSM. The winner is AI Snowflake manager on 'Spider-Man' theory of AI agents Minnesota payroll problems grew after Workday, say auditors Salesforce looks to Slackbot to help solve SaaSpocalypse ServiceNow salesman sues employer in commission dispute ServiceNow salesman sues employer in commission dispute Big Tech has not enforced Australia’s social media ban 'Emphathetic 'Salesforce bots to help fired via Labor Dept Datadog bets DIY AI will mean it dodges the SaaSpocalypse Snowflake's ongoing pitch: bring AI to data, not vice versa CMA dithers as Microsoft's cloud meter runs on your dime Salesforce acquihires team behind Clockwise for Agentforce CMA cracks knuckles, eyes Adobe's cancellation fees SAP's grand cloud escape plan €2B short of the runway Microsoft 365 pauses Copilot creep after admins cry foul Salesforce buyback to saddle company with debt until 2066 India tests whether AI can stop trains hitting elephants Adobe CEO Shantanu Narayen to step down after 18 years Adobe CEO Shantanu Narayen to step down after 18 years Pentagon praises Palantir tech for battlefield strike speed Atlassian to shed ten percent of staff, because AI Atlassian's new Jira migration tool slowed down cloudy moves Oracle says AI coding is helping it dodge SaaSpocalypse Vendors building tools to clean up messes made by AI agents Iran is the first out-loud cyberwar the US has fought Microsoft postpones new Outlook migration to 2027 Okta CEO ‘paranoid’ as vibe coders stir SaaS-pocalypse fears Capita £370M Whitehall outsourcing deal challenged in court Claude having artificially intelligent hiccups and access lockouts for over two hours Claude outage hits chat, API, vibe coding SaaS-pocalypse isn't coming any time soon SaaS-pocalypse isn't coming any time soon Half of German-speaking SAP users to stay on ECC to 2030 Half of German-speaking SAP users to stay on ECC to 2030 Salesforce CEO declared victory over flagging software sales Workday CEO's AI talk can't shake off weaker sales forecast Microsoft teases ‘reimagined SharePoint’ with added AI Palantir spent $25M on CEO flights for chatty Karp Microsoft throws spox under the bus in ICC email flap ServiceNow buys Pyramid Analytics ServiceNow buys Pyramid Analytics Supply chain breaches fuel cybercrime cycle, report says Apple inserts ads for its premium productivity services Apple inserts ads for its premium productivity services Workday CEO steps down amid layoffs and market jitters Workday CEO steps down amid layoffs and market jitters Counting the waves of tech industry BS from blockchain to AI Atlassian swears it can deliver AI without blowing out costs Workday layoffs to hit about 400 jobs Rise of AI means companies could pass on SaaS Estonia tests Euro alternatives amid Microsoft rollout MEP: 'The EU runs on Microsoft', Uncle Sam could turn it off Azure outages ripple across multiple dependent services Europe shrugs off tariffs, plots to end tech reliance on US Microsoft ends some standalone SharePoint and OneDrive plans TikTok’s US joint venture off to a rocky start Oracle, Michael Dell, invest in JV to run TikTok USA Mandiant plugs Salesforce leaks with open source tool Data storage cloud Snowflake buys ITOM platform Observe ServiceNow snags Microsoft vet to run legal amid M&A spree ServiceNow to buy Armis in $7.7 billion security deal ServiceNow unworried by Salesforce targeting its ITSM core ServiceNow mulls Armis buy to gain IT visibility Workday project at Washington University hits $266M Here we go again: Microsoft in UK court over cloud licensing
McGraw Hill linked to 13.5M-record data leak
Carly Page Carly Page · 2026-04-16 · via The Register - Off-Prem: SaaS

Cyber-crime

Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed

Publisher claims misconfigured Salesforce-hosted page leaked data

Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.

Have I Been Pwned says the breach exposed names, phone numbers, email addresses, and some physical addresses. McGraw Hill described the source as a "limited" Salesforce-hosted webpage – though the data now circulating publicly tops 100 GB and covers 13.5 million email addresses.

Most Salesforce compromises don't stem from flaws in Salesforce itself, but from stolen credentials, abused OAuth apps, or over-permissioned integrations that give attackers legitimate access to quietly pull data.

The breach surfaced earlier this week when the ShinyHunters crew added McGraw Hill to its dark web leak site alongside other victims, including Rockstar Games. The listing, seen by The Register, says the group has "over 40M Salesforce records containing PII data" and accuses the company of failing to pay a ransom before an April 14 deadline.

McGraw Hill has kept quiet on its own channels, with no mention of the incident on its website and no response to The Register's questions. In statements to other outlets, however, it claimed the activity "appears to be part of a broader issue involving a misconfiguration within Salesforce's environment that has impacted multiple organizations."

The publisher was also keen to draw a line around the damage, insisting the intrusion "did not involve unauthorized access to McGraw Hill's Salesforce accounts, customer databases, courseware, or internal systems." That may be technically accurate, though it's unlikely to be much comfort to anyone whose personal details may now be circulating online.

Salesforce did not respond to The Register's questions.

ShinyHunters has targeted Salesforce-linked environments before, including a 2025 campaign that exploited weaknesses in connected services rather than breaking into core systems directly.

For McGraw Hill – an outfit built on digital learning platforms and assessments spanning K-12 through to professional training – the irony is hard to miss. The lesson here, at least for those caught up in the mess, is that even "limited" exposure can add up fast once it escapes into the open. ®