Pearson Education hit by data breach following exposed GitLab token
Take action: Never store passwords in source code. Be very paranoid about personal access tokens and about exposing the .git folder. Thousands of these folders are already exposed on the internet, and Google has even indexed most of them.
Pearson, a UK-based multinational education services provider and one of the world's largest academic publishing companies, has confirmed a cyberattack resulting in the theft of corporate and customer data.
According to BleepingComputer, the initial compromise occurred when threat actors discovered an exposed GitLab Personal Access Token (PAT) in a public .git/config file within Pearson's developer environment. The security lapse provided attackers with access to the company's source code repositories, which contained additional hard-coded credentials and authentication tokens for various cloud platforms.
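A defender-side check for the exposure described above, as an added example that is not from the original article or from Pearson: it audits the text of a `.git/config` for a GitLab PAT pattern, a password embedded in a remote URL, or a stored Authorization header. The sample config, hostnames and token are constructed, and the `glpat-` match assumes GitLab's default token prefix.

```python
import re
from urllib.parse import urlsplit

# Assumption: tokens use GitLab's default "glpat-" prefix (admins can change it).
GITLAB_PAT = re.compile(r"glpat-[0-9A-Za-z_-]{20,}")
SECTION = re.compile(r"^\[([^\]]+)\]$")
KEYVAL = re.compile(r"^([A-Za-z][A-Za-z0-9.-]*)\s*=\s*(.*)$")

def audit_git_config(text):
    """Return (section, key, reason) findings; secret values are never echoed."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if (m := SECTION.match(line)):
            section = m.group(1)
            continue
        if not (m := KEYVAL.match(line)):
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if GITLAB_PAT.search(value):
            findings.append((section, key, "GitLab PAT pattern"))
        elif key in ("url", "pushurl") and "://" in value:
            if urlsplit(value).password:
                findings.append((section, key, "password embedded in remote URL"))
        elif key == "extraheader" and "authorization" in value.lower():
            findings.append((section, key, "Authorization header stored in config"))
    return findings

# Constructed sample: hostnames, token and password are made up for illustration.
SAMPLE_CONFIG = """
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://oauth2:glpat-EXAMPLEexample0000000@gitlab.example.com/group/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = https://deploy:not-a-real-password@git.example.com/group/app.git
[remote "ssh"]
    url = git@gitlab.example.com:group/app.git
[http "https://gitlab.example.com/"]
    extraheader = Authorization: Basic Y29uc3RydWN0ZWQ=
"""

if __name__ == "__main__":
    for section, key, reason in audit_git_config(SAMPLE_CONFIG):
        print(f"[{section}] {key}: {reason}")
```

Any finding means the credential should be revoked and rotated, not just deleted from the file, since a copy may already have been read.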
With the compromised credentials, the attackers reportedly spent months exfiltrating data from Pearson's internal network and cloud infrastructure, including AWS, Google Cloud, and cloud-based database services such as Snowflake and Salesforce CRM. It's suspected that the attackers may have stolen terabytes of sensitive information.
A Pearson representative confirmed: "We recently discovered that an unauthorized actor gained access to a portion of our systems. Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts."
While Pearson characterized the compromised information as "largely legacy data," sources familiar with the incident claim the stolen data includes:
- Customer information
- Financial data
- Support tickets
- Source code
The company has declined to provide specific details on the number of affected customers or clarify what it means by "legacy data."
"We will be sharing additional information directly with customers and partners as appropriate," the spokesperson added.