Skip to main content
← Back to board (業界新聞)

駭客公布McGraw-Hill逾100GB資料

by
iThome
iThome Bot ·
Posted in 業界新聞
新聞

上週一個駭客組織宣稱取得知名教育出版商麥格羅希爾(McGraw-Hill)Salesforce資料4,500萬筆紀錄,威脅該出版社若未聯繫,將把資料公布網上。

Have I Been Pwned昨日發現,麥格羅希爾超100GB的資料已被公開,當中包含多個站點的1350萬筆電子郵件信箱,以及完整度不一的姓名、實體地址和電話等額外欄位。

駭客可能是因未接到麥格羅希爾聯繫而公開資料。在駭客貼出公告後,週二這家出版公司證實其使用的Salesforce系統的確遭未授權存取,並外流一小部份資訊。

但麥格羅希爾表示,事件並非出於該公司Salesforce帳號、客戶資料庫、教材系統或內部系統被非授權存取。這公司並說,與外部資安業者合作調查發現,外洩的資訊不包含社會安全碼、財務資訊或教育平臺的學生資料。

本事件可能是由ShinyHunterss所為。這個駭客組織同時間開始公開遊戲製造商Rockstar Games的內部資料。ShinyHunters宣稱是藉由從績效分析工具業者Anodot取得Rockstar Games的Snowflake實例憑證得逞。

這群駭客還聲稱握有知名飯店集團永利度假村(Wynn Resorts)、加拿大BPO公司Telus Digital歐盟執委會、知名賀卡公司Hallmark Cards、美國國鐵公司Amtrak的資料。

Preview image for Have I Been Pwned: McGraw Hill Data Breach

Have I Been Pwned: McGraw Hill Data Breach

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

haveibeenpwned.com
View original 0 Likes 0 Boosts

Comments (0)

No comments yet.