Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached

← Back to Stories (view on slashdot.org)

Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached

Posted by timothy on Tuesday November 24, 2015 @02:34AM from the business-ownership dept.

An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story: Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers. According to a note on Pearson's site, the system remains down for the time being.

25 comments

Min score:

Reason:

Sort:

Symantec too by DougOtto · 2015-11-24 02:39 · Score: 1

Got the email last night stemming from my old Veritas certs.

--
Solving Unix problems since 1989...
Microsoft uses Pearson VUE by Anonymous Coward · 2015-11-24 02:45 · Score: 0

I know I got emails from them with information about my certification exams. Haven't seen any email relating to this breach yet.
1. Re:Microsoft uses Pearson VUE by DougOtto · 2015-11-24 02:47 · Score: 2
  
  Not every vendor who tests through PeasonVUE uses their credential system. GIAC, for example, does not.
  
  --
  Solving Unix problems since 1989...
Worldwide Wallpaper Prices by Bing+Tsher+E · 2015-11-24 02:45 · Score: 1

Prices plummet worldwide on wallpaper as the credentialism plague spreads.
1. Re:Worldwide Wallpaper Prices by Anonymous Coward · 2015-11-24 04:07 · Score: 0
  
  certs are great, they prove that the person who has them is also great. just in case you had any doubts about that.
2. Re:Worldwide Wallpaper Prices by cleara · 2015-11-24 04:50 · Score: 1
  
  Maybe certificate wallpaper, but fabric wallpaper? No way! I saw some silk wall covering that was north of $150.00 per square yard :)
  
  --
  Most Respectfully Yours Mrs. Cleara Plastique
Pearson is the devil incarnate by Anonymous Coward · 2015-11-24 02:46 · Score: 0

for their textbook prices.
pearson & cleartext passwords by i.r.id10t · 2015-11-24 02:58 · Score: 1

Not sure on the PearsonVUE side, but the regular Pearson Learning - for access to their publisher created resources/course content - stores passwords as clear text.
I've reported it as a BIG issue to our local sales rep and the regional boss rep, but I don't think anything has been done about it.

--
Don't blame me, I voted for Kodos
2015: The Year of Bending Over by __aaclcg7560 · 2015-11-24 03:24 · Score: 3, Informative

As a government I.T. worker with a security clearance, my background investigative file got stolen by the Chinese earlier. Now my certification records are stolen. What's next?
1. Re:2015: The Year of Bending Over by Anonymous Coward · 2015-11-24 04:00 · Score: 1
  
  Being that you are in the security field you should know by now that security is just an illusion.
2. Re:2015: The Year of Bending Over by __aaclcg7560 · 2015-11-24 04:29 · Score: 2
  
  Having a security clearance doesn't mean being in the security field.
Irony by mistaryte · 2015-11-24 03:46 · Score: 0

Think I went through these gius to get the CompTIA Security+ certification.
Good God; Why? by fuzzyfuzzyfungus · 2015-11-24 04:51 · Score: 1

Why would so many companies(some with actual software development experience; and others dangerously willing to try, like Adobe) put up with Pearson software?

I realize that testing isn't a core competency and whatnot; but Pearson provides software; as written by people who shouldn't be allowed to write textbooks; but who are dangerously good at writing contracts. It couldn't possibly be worse if Adobe took a stab at writing a testing module based on some hideous combination of shockwave Xtras and Coldfusion. Hell, extending Lotus Notes to test people for specific credentials, as well as test their sanity, would produce a better result. Why? Why Pearson?
1. Re:Good God; Why? by Anonymous Coward · 2015-11-24 05:10 · Score: 0
  
  Pearson also does the (written) Foreign Service Exams for the State Department. The breach may get personal data on diplomats.
  The State Department is one of the few clients of Pearson VUE that doesn't require palm vein prints or other biometric identification. Not sure if that's good or bad in the context of a breach.
2. Re:Good God; Why? by TWX · 2015-11-24 08:36 · Score: 1
  
  Why would so many companies(some with actual software development experience; and others dangerously willing to try, like Adobe) put up with Pearson software?
  Probably because PearsonVue has a vast distribution network in that they've associated themselves with thousands of local testing centers. It means that the burden, from a facility point of view, is low on those seeking the certs.
  
  Now, I can tell you first-hand that the exams themselves are shit. They look like they were written in Hypercard on an 800x600 screen that's poorly mapped and essentially not-anti-aliased across the fairly modern 16:9 displays in the testing centers, and it's impossible to put all of the content on-screen that's necessary, so it's a lot harder to keep everything straight.
  
  I'm not asking for multiple 4K displays to have the simlet, the diagram, and the questions on, I'm asking for a display that looks as decent as my eight year old Gateway laptop. Having something that looks more at home in Windows 3.1 is pathetic.
  
  --
  Do not look into laser with remaining eye.
Re:Frosty porn! by Anonymous Coward · 2015-11-24 05:09 · Score: 0

Sweet!
The horror by Anonymous Coward · 2015-11-24 05:40 · Score: 0

The outcome is what, exactly, more paper MCSEs and H1Bs running around claiming that they're qualified?
When you can get 100 copies of an exam on the Internet, certifications mean nothing.
These Tests were Unfair a long time ago by c0d3r · 2015-11-24 06:40 · Score: 1

Some time around 1996 I was trying to get MCSD and they failed me by no more than 3 points 8 times on the last test. I had bought nearly every book on the subject. I have lost faith in these tests. There was even a question asking me if i'd suggest using Microsoft products or not to a client.
I think they just didn't want to give me the certification. I even asked to challenge it, and I was told I could only challenge a question.
impressive by Anonymous Coward · 2015-11-24 07:12 · Score: 0

wow... 500 affected customers... such news ... truly slashdot worthy
Its Pearson........ by Anonymous Coward · 2015-11-24 08:37 · Score: 0

Its Pearson what else can you say.
They are one of the worst companies, enough said.
PMC has been compromised with the help of malware by nickweller · 2015-11-24 09:21 · Score: 1

What operating system did this malware run on?
thoughts by Anonymous Coward · 2015-11-24 14:26 · Score: 0

... deliver and grow their testing programs ...

First thought, Now every kid can hack their semester grades. Second thought, the real problem is Pearson can no longer sell access to student's academic history.