- Pearson has recently confirmed suffering a cyber attack
- The company states that hackers obtained “inherited data”
- No threat actors have claimed responsibility
Education services giant Pearson has confirmed suffering a cyber attack and the loss of customer data, but has downplayed the importance of the breach, suggesting that the stolen data was outdated anyway.
BleepingComputer was told that someone used a GitLab personal access token to compromise Pearson’s development environment in January 2025.
The token was found in a public .git/config file. The attackers used this access to find even more login credentials, hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information.
Pearson then confirmed the news in a statement given to BleepingComputer:
“We recently discovered that an unauthorized actor obtained access to a part of our systems,” the statement said.
“Once we identified the activity, we took measures to stop it and investigate what happened and what data were affected with forensic experts. We also support police investigation. We have taken measures to implement additional safeguards in our systems, including the improvement of security monitoring and authentication.”
Then, the company hinted that the data may not be so valuable: “We continue to investigate, but at this time we believe that the actor downloaded largely inherited data. We will share additional information directly with customers and partners, as appropriate.”
No employee information was among the stolen files, it was confirmed. Pearson did not say how many people were affected by the incident, or what type of information was exposed in this “inherited data.”
Unfortunately, leaving confidential information in Git project configuration files is nothing new, and criminals know it. In a recent analysis published by security pros GreyNoise, it was said that cybercriminals have increased their scanning for exposed Git configuration files, as they hunted for vulnerable organizations in Singapore.
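A defensive check for the failure described above, as an added example that is not from the article or from Pearson: a Python audit that flags credentials stored in a repository's `.git/config`, whether as a token in a remote URL or as an `http.extraHeader` Authorization value. The sample config, its hosts, token and password are constructed; `glpat-` is GitLab's default prefix for personal access tokens.

```python
import re
from urllib.parse import urlsplit

# GitLab personal access tokens carry the "glpat-" prefix by default.
GITLAB_PAT = re.compile(r"glpat-[0-9A-Za-z_-]{20,}")
SECTION = re.compile(r"^\[([^\]]+)\]")

# Constructed sample: every host, token and password below is made up.
SAMPLE_CONFIG = """\
[core]
    bare = false
[remote "origin"]
    url = https://oauth2:glpat-EXAMPLEonlyNOTreal00000@gitlab.example.com/team/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@gitlab.example.com:team/app.git
    pushurl = https://deploy:hunter2@git.example.net/team/app.git
[http "https://gitlab.example.com/"]
    extraHeader = Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl
"""

def audit_git_config(text):
    """Return (section, key, reason) for each value that embeds a secret."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        key = key.lower()  # Git config keys are case-insensitive
        if GITLAB_PAT.search(value):
            reason = "GitLab personal access token"
        elif key in ("url", "pushurl") and urlsplit(value).password:
            reason = "credentials in remote URL"
        elif key == "extraheader" and value.lower().startswith("authorization:"):
            reason = "Authorization header"
        else:
            continue
        findings.append((section, key, reason))  # the secret itself is never returned
    return findings

if __name__ == "__main__":
    for finding in audit_git_config(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Any finding means the credential should be revoked and reissued, not just removed from the file, and the remote switched to a credential helper or SSH key.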