The research team at vpnMentor has stumbled upon a data leak containing the personal information of some 100,000 users of the educational publishing company McGraw Hill online.
The cybercrook who leaked the database on a hacking forum on Nov. 6, says the data is linked to 90,875 of McGraw Hill students and users.
The stolen database allegedly includes full names, usernames, account IDs, phone numbers, emails and physical addresses.
While the research team couldn’t verify the validity of all the data, their data sample analysis confirms the existence of full names and email addresses in the leak. However, the user who leaked the alleged stolen data had previously shared other breached records proven to originate from legitimate databases, according to investigators.
“The database was posted behind a paywall; thus, our team couldn't access the link to the full database and only saw the sample shared in the post,” the researchers said. “Upon the vpnMentor research team’s inspection of the sample data, we confirmed that full names and email addresses are included in the leak. The phone numbers and home addresses of the individuals exposed in the shared sample are blank, but those fields could be filled for other users in the full database.”
Know your risks
In the hands of cybercriminals, the exposed data could be exploited in social engineering attacks (phishing attempts) that could lead to identity theft and fraud.
“For instance, cybercriminals could pose as renowned companies or organizations and send the affected individuals emails that may convince them to provide additional sensitive information — such as banking information or social security numbers — or click on malware-carrying links,” the researchers explained.
Individuals with an account on the McGraw Hill platform are advised to watch out for suspicious activities across online platforms and scrutinize all incoming correspondence that may ask for sensitive information.
Want to stay on top of data breaches and leaks involving your personal information?
Get Bitdefender Digital Identity Protection to monitor whether your most sensitive data appears in a data breach or is leaked on the dark web. The identity protection service automatically scours the web to find your private information in online legal and illegal collections of data, and even checks if your personal details have been exposed on the Dark Web. You also get instant alerts for new breaches and privacy threats (including social media impersonation) so you can act quickly to limit their impact.
When a data breach is detected, you will receive actionable tips to help you protect your accounts and improve your overall privacy.