When student data leaks in the cloud

Schoolbook publisher McGraw Hill discovered a gap in its online defenses this April that let outsiders view 13. 5 million user files stored on Salesforce. The hole came from a simple setup mistake, not a hacker tunneling through complex code. Attackers calling themselves ShinyHunters grabbed the exposed info and later dumped over 100 gigabytes to prove their point. Inside that leak bundle there are 13. 5 million unique email addresses, plus names and street addresses for many of those people. Social Security numbers and bank details stayed safe, but the released data still gives scammers everything they need to send personalized scam texts or phishing emails. Have I Been Pwned, the data-tracking site, confirmed the size and scope of the spill.ShinyHunters has been busy lately, hitting recognizable names like the European Commission and Match Group before turning to McGraw Hill. Each breach shows how fast one misstep in the cloud can ripple across millions of lives. The group usually demands money, but after talks failed they simply published the data, proving once again that extortionists rarely keep their word. Experts warn that relying on third-party tools like Salesforce doesn’t remove responsibility for security. Even the tightest internal firewalls are useless when a SaaS app is left open for anyone on the internet. Customers who never clicked a suspicious link now face waves of scams using their real names and addresses, reminding every company that good security is only as strong as its weakest outside link.