This statement comes after sources told BleepingComputer that threat actors compromised Pearson's developer environment in January 2025 through an exposed GitLab Personal Access Token (PAT) found in a public .git/config file. In the attack on Pearson, the exposed token allowed the threat actors to access the company's source code, which contained further hard-coded credentials and authentication tokens for cloud platforms. Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Last year, Internet Archive was breached after threat actors discovered an exposed Git configuration file containing an authentication token for the company's GitLab repositories. Over the following months, the threat actor reportedly used these credentials to steal terabytes of data from the company's internal network and cloud infrastructure, including AWS, Google Cloud, and various cloud-based database services such as Snowflake and Salesforce CRM. However, when BleepingComputer asked Pearson about whether they paid a ransom, what they meant by "legacy data," how many customers were impacted, and if customers would be notified, the company responded that they would not be commenting on these questions. Scanning for Git configuration files and exposed credentials has become a common method for threat actors to breach cloud services. If this file is mistakenly exposed and contains access tokens embedded in remote URLs, it can give attackers unauthorized access to internal repositories. "We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 08 May 2025 20:15:05 +0000