McGraw-Hill confirms data breach following extortion threat
Education company McGraw-Hill has confirmed that hackers exploited a Salesforce misconfiguration to obtain its internal data. The company says its accounts, customer databases and systems were not affected, and that the exposed data is limited and non-sensitive. The threat group ShinyHunters claims to hold 45 million records and is threatening to leak them. McGraw-Hill has fixed the issue and strengthened its security measures.

2026-4-14 18:15:13 Author: www.bleepingcomputer.com

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data.

The company said that the breach did not affect its Salesforce accounts, customer databases, or internal systems, and that the amount of exposed data is limited and non-sensitive.

“McGraw-Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform. This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce,” a McGraw-Hill spokesperson told BleepingComputer.

“Importantly, this did not involve unauthorized access to McGraw-Hill’s Salesforce accounts, customer databases, courseware, or internal systems,” the company representative added.

McGraw-Hill further states that its investigation, with help from external cybersecurity experts, revealed that the exposed information does not contain Social Security numbers (SSNs), financial account information, or student data from its educational platforms.

A global education company focused on learning content and platforms, McGraw-Hill offers textbooks, digital learning platforms, and K-12 school and university systems. The company is a major player in education publishing, with an annual revenue of $2.2 billion.

The statement about the cyberattack comes in response to the extortion group ShinyHunters announcing McGraw-Hill as a victim on its dark-web portal and threatening to leak stolen data by April 14 unless a ransom is paid.

The notorious threat actor claims to hold 45 million Salesforce records containing personally identifiable information (PII), contradicting the company’s statement that the compromised data is not sensitive in nature.

McGraw-Hill on ShinyHunters' extortion portal
Source: BleepingComputer

McGraw-Hill also told BleepingComputer that the affected webpages were secured immediately after detecting the unauthorized activity, and that it is working closely with Salesforce to further strengthen protections and ensure that the issue is fully addressed.

The ShinyHunters data extortion group has carried out several confirmed high-profile security breaches since the start of the year, including those against Rockstar Games, Hims & Hers, the European Commission, Telus Digital, Wynn Resorts, Canada Goose, Match Group, Panera Bread, and CarGurus.

In March, the threat group also breached the American firm Infinite Campus, which operates a K-12 student information system.


Article source: https://www.bleepingcomputer.com/news/security/mcgraw-hill-confirms-data-breach-following-extortion-threat/