May 13 • General discussion
CyberNEWS Question! - PearsonVue and exposed credentials
we must practice Due Diligence CYBER PROS! Exposed credentials in a github vault led to an expensive leak in the world of education.
My question to everyone is what MITRE ATT&CK methods were used in this attack?
"This statement comes after sources told Bleeping-Computer that threat actors compromised Pearson's developer environment in January 2025 through an exposed GitLab Personal Access Token (PAT) found in a public .git/config file.
A .git/config file is a local configuration file used by Git projects to store configuration settings, such as a project name, email address, and other information. If this file is mistakenly exposed and contains access tokens embedded in remote URLs, it can give attackers unauthorized access to internal repositories.
In the attack on Pearson, the exposed token allowed the threat actors to access the company's source code, which contained further hard-coded credentials and authentication tokens for cloud platforms.
Over the following months, the threat actor reportedly used these credentials to steal terabytes of data from the company's internal network and cloud infrastructure, including AWS, Google Cloud, and various cloud-based database services such as Snowflake and Salesforce CRM."
Looking forward to the answers! Keep learning! - https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
3
0 comments
CyberNEWS Question! - PearsonVue and exposed credentials
powered by
skool.com/pontiac-cyber-pros-6543
Cybersecurity - Networking - Virtual Internship & Sage knowledge for getting into IT or Cyber. Earn CISSP, CISM, CCNP, A+ , N+, SEC +, CYSA
Suggested communities
Powered by