Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo HMH (hmhco.com)

Group: Shinyhunters

Discovered by ransomware.live: 2025-10-03

Estimated attack date: 2025-07-08

Country: US

Description:

[AI generated] HMH, or Houghton Mifflin Harcourt, is a long-established publishing company specializing in educational content. They provide a variety of instructional technology, assessments, and other learning materials to schools in over 150 countries. The company also publishes a number of well-known trade and reference works, alongside children's books. Their goal is to foster a lifelong love of learning in every individual they serve.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 26

Compromised Users: 8256

Third Party Employee Credentials: 15

External Attack Surface: 114

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • us-smtp-inbound-1.mimecast.com.
  • us-smtp-inbound-2.mimecast.com.
TXT Records
  • google-site-verification=jWaPYj9EqDhNlqii90MwSAGGqILGT3qvjv3sc9AjwVk
  • v=spf1 ip4:209.235.126.1 ip4:209.235.126.2 ip4:209.235.126.7 ip4:209.235.126.8 ip4:209.235.126.9 ip4:209.235.126.10 include:_netblocks.hmhco.com include:_spf.salesforce.com include:us._netblocks.mimecast.com include:6573d6.workshop-spf.net ~all
  • MS=ms65451366
  • globalsign-domain-verification=A5690202F4D1340FC95C7147711395FE
  • google-site-verification=9xAnKLlO-n0fb9ivg6304GUrAOYJzqF00f9NzD0YqwU
  • _zjf8wvnzc5hzfuordx7qti6vz2lo9dd
  • globalsign-domain-verification=ace3534fbff0e03574dcd4f8bb8848b7
  • docusign=9a0d3862-ce0a-4272-be65-e9d0ee8109b9
  • adobe-idp-site-verification=dcee0a2f77d8062795e70509a65d7f6913450b5485badb2058f23588f060c8b9
  • miro-verification=788279500223085801eb9b034064d4a96bdabaf3
  • globalsign-domain-verification=1111620e7587ddb0d56bfd6fcd6d4ae4
  • OSSRH-77297
  • docusignv=52c16912-2c65-4f50-b613-fa56c465c707
  • canva-site-verification=XAvMwkZKNaFlNW4YQojH3g
  • amazonses:zvT1yYoxLfumWiB6ESAVrkUzwpwo6ClRCUxHEsYjaFY=
  • smartsheet-site-validation=Y9J8B1EtJP8RjvrCy7bJNAGuwfZwPPw0
  • apple-domain-verification=P7EQHRcSw1MEhYAw
  • google-site-verification=WAHW1EO8Bhocy1PlQISnzb50g26m17-znBENRYcynKI
  • atlassian-domain-verification=BNYS2ZxDgYF0MABftk2Zoz5k5a1O4ISi5g0vBS7vRKxvosDsl020tMm88EaCzkFE
  • atlassian-domain-verification=CBbj/iXZ5lGubFrU2QeWACCkSiIcanWzOa3PxRDfyjxeJsv4d/vf4xiiortak0h1
  • canva-site-verification=nDn0iJqSi1AhFR_cAw5isQ
  • 49NBsw/Se/C6JS0bY1ERCAIm4lXSNiDJB3VJ4548dGRG3LGlCjuddY3HFB6JrGLJJns1X0QVEaK3c3mAxiDdpA==
  • _9y67qztkt2btxbaml8r2vjg40pzjd3c
  • cisco-ci-domain-verification=1e77c8c1819f3634ebaf3190e828520ae8b44db10725f96505c5668952e1a16a
  • pexip-ms-tenant-domain-verification=f05dded6-08d7-4594-b27b-6d2f601a4919
  • facebook-domain-verification=j9y57ganvf1td5819xs1y7ro1oaocs
  • openai-domain-verification=dv-LvPgut8vxG5Id4c62TexDLU0
  • _88p140xxu23fri4pwb8p9kiy0t0aq89
  • pendo-domain-verification=-c2MowabHj26bsKA847E49izAIM
  • docusign_verification=dm5d176s-eg0e-l9sg-abdi-hd56sz2tt0wc
  • canva-site-verification=7BqVD8X2bt48CNLNCochRw
Cloud / SaaS Services Detected
Adobe Apple Atlassian Amazon SES/WorkMail Microsoft 365 Salesforce Miro Cisco Mimecast DocuSign

Leak Screenshot:

Leak Screenshot