Billions of stolen cookies are being sold on the dark web and Telegram, with over 1.2 billion containing session data that can grant cybercriminals access to accounts and systems without login credentials, bypassing MFA. The Register reports: More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide. Most people don't realize that a stolen cookie can be just as dangerous as a password, despite being so willing to accept cookies when visiting websites, just to get rid of the prompt at the bottom of the screen. However, once these are intercepted, a cookie can give hackers direct access to all sorts of accounts containing sensitive data, without any login required."

The vast majority of stolen cookies (90.25 percent) contain ID data, used to uniquely identify users and deliver targeted ads. They can also contain data such as names, home and email addresses, locations, passwords, phone numbers, and genders, although these data points are only present in around 0.5 percent of all stolen cookies. The risk of ruinous personal data exposure as a result of cookie theft is therefore pretty slim. Aside from ID cookies, the other statistically significant type of data that these can contain are details of users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6 percent of the total), and these are generally seen as more of a concern.

Discord is testing "Discord Orbs," a new in-app currency that rewards users for engaging with interactive ads and promotional Quests. The Verge reports: In addition to spending Orbs on regular items on the Discord Shop, users can exchange the digital tokens for Orb exclusives like special badges or 3-day passes to try out Discord's subscription service, Discord Nitro. Discord says Orbs are rolling out globally to a "small number" of its users to start before a wider rollout. If you're part of the beta test for Orbs, you will get a notification like the one below.

Before this, publishers or brands that offered Quests had to provide their own rewards -- things like avatar decorations or in-game bonuses. They can still do that if they want, Discord spokesperson Bradley Sheets tells The Verge in an email; awarding Orbs is simply an alternative option.

An anonymous reader quotes a report from The Verge: Secretary of State Marco Rubio announced Wednesday that the U.S. would restrict visas for "foreign nationals who are responsible for censorship of protected expression in the United States." He called it "unacceptable for foreign officials to issue or threaten arrest warrants on U.S. citizens or U.S. residents for social media posts on American platforms while physically present on U.S. soil" and "for foreign officials to demand that American tech platforms adopt global content moderation policies or engage in censorship activity that reaches beyond their authority and into the United States."

It's not yet clear how or against whom the policy will be enforced, but seems to implicate Europe's Digital Services Act, a law that came into effect in 2023 with the goal of making online platforms safer by imposing requirements on the largest platforms around removing illegal content and providing transparency about their content moderation. Though it's not mentioned directly in the press release about the visa restrictions, the Trump administration has slammed the law on multiple occasions, including in remarks earlier this year by Vice President JD Vance.

The State Department's homepage currently links to an article on its official Substack, where senior advisor for the Bureau of Democracy, Human Rights, and Labor Samuel Samson critiques the DSA as a tool to "silence dissident voices through Orwellian content moderation." He adds, "Independent regulators now police social media companies, including prominent American platforms like X, and threaten immense fines for non-compliance with their strict speech regulations." "We will not tolerate encroachments upon American sovereignty," Rubio says in the announcement, "especially when such encroachments undermine the exercise of our fundamental right to free speech."

Japan Post has launched a "digital address" system that links seven-digit combinations of numbers and letters to physical addresses. From a report: Under the system, users can input these seven-digit codes on online shopping websites, and their addresses will automatically appear on the sites.

People can obtain digital addresses by registering with Japan Post's Yu ID membership service. Their digital addresses will not change even if their physical addresses change. Their new addresses will be linked to the codes if they submit notices of address changes.

An anonymous reader quotes a report : Washington is joining a growing list of states trying to tear down barriers for consumers who want to repair their electronics rather than buy new ones. Gov. Bob Ferguson last week signed the state's new "Right to Repair" policy, House Bill 1483, into law. It was a yearslong effort to get the law approved. "This is a win for every person in Washington state," said the bill's prime sponsor, Rep. Mia Gregerson, D-SeaTac.

In 2021, the Federal Trade Commission reported that consumers with broken electronics don't have much choice but to replace them because repairs require specialized tools, unique parts and inaccessible proprietary software. And those restrictions, the FTC found, disproportionately burden communities of color and low-income communities. Some companies engage in a practice called "parts pairing" that can make replacing parts of a device impossible. Washington's new law would largely outlaw this tactic.

Starting Jan. 1, 2026, the law will require manufacturers to make tools, parts and documentation needed for diagnostics and maintenance available to independent repair businesses. The requirement applies to digital electronics, like computers, cellphones and appliances, sold in Washington after July 1, 2021. Manufacturers won't be able to use parts that inhibit repairs. The state attorney general's office could enforce violations of the new law under the Consumer Protection Act.

New submitter zuki shares an obit published at The Register: John Young, the co-founder of the legendary internet archive Cryptome, died at the age of 89 on March 28. The Register talked to friends and peers who gave tribute to a bright, pugnacious man who was devoted to the public's right to know.

Before WikiLeaks, OpenLeaks, BayFiles, or Transparency Toolkit, there was Cryptome - an open internet archive that inspired them all, helped ignite the first digital crypto war, and even gave Julian Assange his start before falling out with him on principle.

"Do we need publicly-owned social networks to escape Silicon Valley?" asks an opinion piece in Spain's El Pais newspaper.

It argues it's necessary because social media platforms "have consolidated themselves as quasi-monopolies, with a business model that consists of violating our privacy in search of data to sell ads..." Among the proposals and alternatives to these platforms, the idea of public social media networks has often been mentioned. Imagine, for example, a Twitter for the European Union, or a Facebook managed by media outlets like the BBC. In February, Spanish Prime Minister Pedro Sánchez called for "the development of our own browsers, European public and private social networks and messaging services that use transparent protocols." Former Spanish prime minister José Luis Rodríguez Zapatero — who governed from 2004 until 2011 — and the left-wing Sumar bloc in the Spanish Parliament have also proposed this. And, back in 2021, former British Labour Party leader Jeremy Corbyn made a similar suggestion.

At first glance, this may seem like a good idea: a public platform wouldn't require algorithms — which are designed to stimulate addiction and confrontation — nor would it have to collect private information to sell ads. Such a platform could even facilitate public conversations, as pointed out by James Muldoon, a professor at Essex Business School and author of Platform Socialism: How to Reclaim our Digital Future from Big Tech (2022)... This could be an alternative that would contribute to platform pluralism and ensure we're not dependent on a handful of billionaires. This is especially important at a time when we're increasingly aware that technology isn't neutral and that private platforms respond to both economic and political interests.
There's other possibilities. Further down they write that "it makes much more sense for the state to invest in, or collaborate with, decentralized social media networks based on free and interoperable software" that "allow for the portability of information and content." They even spoke to Cory Doctorow, who they say "proposes that the state cooperate with the software systems, developers, or servers for existing open-source platforms, such as the U.S. network Bluesky or the German firm Mastodon." (Doctorow adds that reclaiming digital independence "is incredibly important, it's incredibly difficult, and it's incredibly urgent."

The article also acknowledges the option of "legislative initiatives — such as antitrust laws, or even stricter regulations than those imposed in Europe — that limit or prevent surveillance capitalism." (Though they also figures showing U.S. tech giants have one of the largest lobbying groups in the EU, with Meta being the top spender...)

Kraken is launching tokenized versions of U.S. equities for 24/7 trading outside the U.S., giving global investors blockchain-based access to major companies like Apple and Tesla. Reuters reports: Tokenization refers to the process of issuing digital representations of publicly-traded securities. Instead of holding the securities directly, investors hold tokens that represent ownership of the securities. The tokens' launch outside the U.S. comes amid growing interest in blending traditional finance with blockchain infrastructure. While tokenized securities have yet to gain widespread adoption, proponents say they hold the potential to significantly reshape how people access and invest in financial markets.

In a January opinion piece for the Washington Post, Robinhood CEO Vlad Tenev said tokenization could also allow retail investors to access private companies' stocks. Kraken's tokens, called xStocks, will be available in select markets outside the United States, it said, without naming the markets. The move was earlier reported by the Wall Street Journal. The offering is currently not available for U.S. customers.

Richard Speed writes via The Register: It was 30 years ago when the first public release of the Java programming language introduced the world to Write Once, Run Anywhere -- and showed devs something cuddlier than C and C++. Originally called "Oak," Java was designed in the early 1990s by James Gosling at Sun Microsystems. Initially aimed at digital devices, its focus soon shifted to another platform that was pretty new at the time -- the World Wide Web.

The language, which has some similarities to C and C++, usually compiles to a bytecode that can, in theory, run on any Java Virtual Machine (JVM). The intention was to allow programmers to Write Once Run Anywhere (WORA) although subtle differences in JVM implementations meant that dream didn't always play out in reality. This reporter once worked with a witty colleague who described the system as Write Once Test Everywhere, as yet another unexpected wrinkle in a JVM caused their application to behave unpredictably. However, the language soon became wildly popular, rapidly becoming the backbone of many enterprises. [...]

However, the platform's ubiquity has meant that alternatives exist to Oracle Java, and the language's popularity is undiminished by so-called "predatory licensing tactics." Over 30 years, Java has moved from an upstart new language to something enterprises have come to depend on. Yes, it may not have the shiny baubles demanded by the AI applications of today, but it continues to be the foundation for much of today's modern software development. A thriving ecosystem and a vast community of enthusiasts mean that Java remains more than relevant as it heads into its fourth decade.

An anonymous reader quotes a report from Ars Technica, written by Nate Anderson: Don't worry about the "mission-driven not-for-profit" College Board -- it's drowning in cash. The US group, which administers the SAT and AP tests to college-bound students, paid its CEO $2.38 million in total compensation in 2023 (the most recent year data is available). The senior VP in charge of AP programs made $694,662 in total compensation, while the senior VP for Technology Strategy made $765,267 in total compensation. Given such eye-popping numbers, one would have expected the College Board's transition to digital exams to go smoothly, but it continues to have issues.

Just last week, the group's AP Psychology exam was disrupted nationally when the required "Bluebook" testing app couldn't be accessed by many students. Because the College Board shifted to digital-only exams for 28 of its 36 AP courses beginning this year, no paper-based backup options were available. The only "solution" was to wait quietly in a freezing gymnasium, surrounded by a hundred other stressed-out students, to see if College Board could get its digital act together. [...] College Board issued a statement on the day of the AP Psych exam, copping to "an issue that prevented [students] from logging into the College Board's Bluebook testing application and beginning their exams at the assigned local start time." Stressing that "most students have had a successful testing experience, with more than 5 million exams being successfully submitted thus far," College Board nonetheless did "regret that their testing period was disrupted." It's not the first such disruption, though. [...]

College Board also continues to have problems delivering digital testing at scale in a high-pressure environment. During the SAT exam sessions on March 8-9, 2025, more than 250,000 students sat for the test -- and some found that their tests were automatically submitted before the testing time ended. College Board blamed the problem on "an incorrectly configured security setting on Bluebook." The problem affected nearly 10,000 students, and several thousand more "may have lost some testing time if they were asked by their room monitor to reboot their devices during the test to fix and prevent the auto-submit error." College Board did "deeply and sincerely apologize to the students who were not able to complete their tests, or had their test time interrupted, for the difficulty and frustration this has caused them and their families." It offered refunds, plus a free future SAT testing voucher.

Europe has created just 14 companies worth more than $10 billion over the past 50 years compared to 241 in the United States, underscoring the continent's struggle to compete in the global technology race despite having a larger population and similar education levels.

The productivity gap has widened dramatically since the digital revolution began. European workers produced 95% of what their American counterparts made per hour in the late 1990s, but that figure has dropped to less than 80% today. Only four of the world's top 50 technology companies are European, and none of the top 10 quantum computing investors operate from Europe.

Several high-profile European entrepreneurs have relocated to Silicon Valley, including Thomas Odenwald, who quit German AI startup Aleph Alpha after two months, citing slow decision-making and lack of stock options for employees. "If I look at how quickly things change in Silicon Valley...it's happening so fast that I don't think Europe can keep up with that speed," Odenwald said.

The challenges extend beyond individual companies. European businesses spend 40% of their IT budgets on regulatory compliance, according to Amazon surveys, while complex labor laws create three-month notice periods and lengthy noncompete clauses.

Nvidia is facing backlash for allegedly manipulating the review process of its GeForce RTX 5060 GPU by withholding drivers, selectively granting early access to favorable reviewers, and pressuring media to present the card in a positive light. As The Verge's Sean Hollister writes, the debacle "should be a wake-up call for gamers and reviewers." Here's an excerpt from the report: Nvidia has gone too far. This week, the company reportedly attempted to delay, derail, and manipulate reviews of its $299 GeForce RTX 5060 graphics card, which would normally be its bestselling GPU of the generation. Nvidia has repeatedly and publicly said the budget 60-series cards are its most popular, and this year it reportedly tried to ensure it by withholding access and pressuring reviewers to paint them in the best light possible.

Nvidia might have wanted to prevent a repeat of 2022, when it launched this card's predecessor. Those reviews were harsh. The 4060 was called a "slap in the face to gamers" and a "wet fart of a GPU." I had guessed the 5060 was headed for the same fate after seeing how reviewers handled the 5080, which similarly showcased how little Nvidia's hardware has improved year over year and relies on software to make up the gaps. But Nvidia had other plans. Here are the tactics that Nvidia reportedly just used to throw us off the 5060's true scent, as individually described by GamersNexus, VideoCardz, Hardware Unboxed, GameStar.de, Digital Foundry, and more:

- Nvidia decided to launch its RTX 5060 on May 19th, when most reviewers would be at Computex in Taipei, Taiwan, rather than at their test beds at home.
- Even if reviewers already had a GPU in hand before then, Nvidia cut off most reviewers' ability to test the RTX 5060 before May 19th by refusing to provide drivers until the card went on sale. (Gaming GPUs don't really work without them.)
- And yet Nvidia allowed specific, cherry-picked reviewers to have early drivers anyhow if they agreed to a borderline unethical deal: they could only test five specific games, at 1080p resolution, with fixed graphics settings, against two weaker GPUs (the 3060 and 2060 Super) where the new card would be sure to win.
- In some cases, Nvidia threatened to withhold future access unless reviewers published apples-to-oranges benchmark charts showing how the RTX 5060's "fake frames" MFG tech can produce more frames than earlier GPUs without it.

Some reviewers apparently took Nvidia up on that proposition, leading to day-one "previews" where the charts looked positively stacked in the 5060's favor [...]. But the reality, according to reviews that have since hit the web, is that the RTX 5060 often fails to beat a four-year-old RTX 3060 Ti, frequently fails to beat a four-year-old 3070, and can sometimes get upstaged by Intel's cheaper $250 B580. And yet, the 5060's lackluster improvements are overshadowed by a juicier story: inexplicably, Nvidia decided to threaten GamersNexus' future access over its GPU coverage. Yes, the same GamersNexus that's developed a staunch reputation for defending consumers from predatory behavior, and just last month published a report on "GPU shrinkflation" that accused Nvidia of misleading marketing. Bad move! [...]

Nvidia is within its rights to withhold access, of course. Nvidia doesn't have to send out graphics cards or grant interviews. It'll only do it if it's good for business. But the unspoken covenant of product reviews is that the press, as a whole, gets a chance to warn the public if a movie, video game, or GPU is not worth their money. It works both ways: the media also gets the chance to warn that a product is so good you might want to line up in advance. That unspoken rule is what Nvidia is trampling here.

Quebec Culture Minister Mathieu Lacombe has introduced Bill 109, which would require streaming platforms like Netflix and Spotify to feature and prioritize French-language content. CBC.ca reports: Bill 109 has been in the works for over a year. It marks the first time that Quebec would set a "visibility quota" for French-language content on major streaming platforms such as Netflix, Disney and Spotify. [...] The legislation, titled An Act to affirm the cultural sovereignty of Quebec and to enact the Act respecting the discoverability of French-language cultural content in the digital environment, would apply to every digital platform that offers a service for watching videos or listening to music and audiobooks online. Those include Canadian platforms such as Illico, Crave and Tou.tv. It would amend the Quebec Charter of Human Rights and Freedoms to enshrine "the right to discoverability of and access to original French-language cultural content."

If the bill is adopted, streaming platforms and television manufacturers would be forced to present interfaces for screening online videos in French by default. Those interfaces would need to provide access to platforms that offer original French-language cultural content based on the government's pending criteria. Financial penalties would be imposed on companies that don't follow the rules. If the business models of some companies prevent them from keeping to the letter of the proposed law, companies would be allowed to enter into an agreement with the Quebec government to set out "substitute measures" to fulfil Bill 109 obligations differently. "We don't want to exempt them. We're telling them, 'let's negotiate substitute measures,'" Lacombe told reporters.

An anonymous reader quotes a report from CNBC: Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe. The tech giant said in a blog post that its digital crimes unit discovered more than 394,000 Windows computers were infected by the Lumma malware worldwide between March 16 through May 16. The Lumma malware was a favorite hacking tool used by bad actors, Microsoft said in the post. Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets.

Microsoft said its digital crimes unit was able to dismantle the web domains underpinning Lumma's infrastructure with the help of a court order from the U.S. District Court for the Northern District of Georgia. The U.S. Department of Justice then took control of Lumma's "central command structure" and squashed the online marketplaces where bad actors purchased the malware. The cybercrime control center of Japan "facilitated the suspension of locally based Lumma infrastructure," the blog post said. "Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," Microsoft said in the post. "Moreover, more than 1,300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes." Cloudflare, Bitsight and Lumen also helped break down the Lumma malware ecosystem.

SAG-AFTRA has filed a labor complaint against Fortnite developer Epic Games, alleging the game improperly used AI to replicate James Earl Jones' Darth Vader voice without bargaining with the union, despite the estate's approval. Gizmodo reports: The union has now filed an unfair labor practice charge (link to the PDF is on the SAG-AFTRA website) that calls out "Fortnite's signatory company, Llama Productions" for "[replacing] the work of human performers with AI technology" without "providing any notice of their intent to do this and without bargaining with us over appropriate terms."

The union notes that it's not against the general idea here: "We celebrate the right of our members and their estates to control the use of their digital replicas and welcome the use of new technologies to allow new generations to share in the enjoyment of those legacies and renowned roles." The problem is that the AI being used here makes human voice actors obsolete, and "we must protect our right to bargain terms and conditions around uses of voice that replace the work of our members, including those who previously did the work of matching Darth Vader's iconic rhythm and tone in video games."

So far there's been no response from Epic Games on the filing. The Hollywood Reporter notes that despite the SAG-AFTRA's still-ongoing Interactive Media Agreement strike, which has been stuck for months on negotiating "AI protections for voice actors in video games," actors can actually work on Fortnite without violating the strike, since the game falls under an exception for titles that were in production before August 2023.

"Shares of Ubisoft sank 18% on Thursday," reports CNBC, "after the French video game firm reported full-year earnings that disappointed investors... The company's shares have lost almost 60% of their value in the past 12 months, as the firm faced financial struggles, development hurdles, and underperformance of some of its key titles."

Ubisoft said its latest Assassin's Creed game "delivered the second-highest Day 1 sales revenue in franchise history and set a new record for Ubisoft's Day 1 performance on the PlayStation digital store," according to Reuters. And AFP notes that according to data from consultancy Circana, that game become the second-best-selling game of the year so far in the U.S. But... [A] string of disappointing releases undermined this year's performance, with a net loss of 159 million euros ($178 million) on revenues of 1.9 billion — down 17.5 percent year-on-year. Over the past 12 months, Ubisoft's would-be blockbuster "Star Wars Outlaws" fell short of sales expectations on release, while it cancelled multiplayer first-person shooter "XDefiant" for lack of players. "This year has been a challenging one for Ubisoft, with mixed dynamics across our portfolio, amid intense industry competition," chief executive Yves Guillemot said in a statement. But a string of disappointing releases undermined this year's performance, with a net loss of 159 million euros ($178 million) on revenues of 1.9 billion — down 17.5 percent year-on-year.

The group expects the measure to hold steady in the coming 2025-26 financial year, during which it will release a new "Prince of Persia" game, strategy title "Anno 117: Pax Romana" and mobile versions of shooters "Rainbow Six" and "The Division"... Moving to address its business woes, Ubisoft said in late March that it would create a new subsidiary to manage its three top franchises: "Assassin's Creed", "Far Cry" and "Rainbow Six".
"Since January, the shares have lost more than 12 percent, touching their lowest price in over a decade in April."

Walmart is preparing for a future where AI agents shop on behalf of consumers by adapting its systems to serve both humans and autonomous bots. As major players like Visa and PayPal also invest in agentic commerce, Walmart is positioning itself as a leader by developing its own AI agents and supporting broader industry integration. PYMNTS reports: Instead of scrolling through ads or comparing product reviews, future consumers may rely on digital assistants, like OpenAI's Operator, to manage their shopping lists, from replenishing household essentials to selecting the best TV based on personal preferences, according to the report (paywalled). "It will be different," Walmart U.S. Chief Technology Officer Hari Vasudev said, per the report. "Advertising will have to evolve." The emergence of AI-generated summaries in search results has already altered the way consumers gather product information, the report said. However, autonomous shopping agents represent a bigger transformation. These bots could not only find products but also finalize purchases, including payments, without the user ever lifting a finger. [...]

Retail experts say agentic commerce will require companies to overhaul how they market and present their products online, the WSJ report said. They may need to redesign product pages and pricing strategies to cater to algorithmic buyers. The customer relationship could shift away from retailers if purchases are completed through third-party agents. [...] To prepare, Walmart is developing its own AI shopping agents, accessible through its website and app, according to the WSJ report. These bots can already handle basic tasks like reordering groceries, and they're being trained to respond to broader prompts, such as planning a themed birthday party. Walmart is working toward a future in which outside agents can seamlessly communicate with the retailer's own systems -- something Vasudev told the WSJ he expects to be governed by industry-wide protocols that are still under development. [...]

Third-party shopping bots may also act independently, crawling retailers' websites much like consumers browse stores without engaging sales associates, the WSJ report said. In those cases, the retailer has little control over how its products are evaluated. Whether consumers instruct their AI to shop specifically at Walmart or ask for the best deal available, the outcomes will increasingly be shaped by algorithms, per the report. Operator, for example, considers search ranking, sponsored content and user preferences when making recommendations. That's a far cry from how humans shop. Bots don't respond to eye-catching visuals or emotionally driven branding in the same way people do. This means retailers must optimize their content not just for people but for machine readers as well, the report said. Pricing strategies could also shift as companies may need to make rapid pricing decisions and determine whether it's worth offering AI agents exclusive discounts to keep them from choosing a competitor's lower-priced item, according to the report.

Western Digital has made a strategic investment in German startup Cerabyte, a company developing nearly indestructible ceramic-based data storage technology. The partnership aims to accelerate commercialization of Cerabyte's ceramic-on-glass material, which the company claims can preserve data for 5,000 years.

Cerabyte recently demonstrated its technology's resilience by boiling storage devices in salt water and subjecting them to oven-level heat. The company states its ceramic storage withstands fire, moisture, UV light, radiation, corrosion, and EMP bursts. Beyond durability, Cerabyte aims to enable massive capacity increases as the industry moves toward what it calls the "Yottabyte era," while targeting storage costs below $1 per TB by 2030.

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information. The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.