Stride Learning Company, a for-profit education company that provides online and blended learning programs for students from kindergarten through adulthood, has allegedly been compromised by the threat actor ShadowByt3$. The incident is reportedly part of a broader mass-scanning campaign called “Operation Cloud,” which targets large companies for misconfigurations. The attacker is demanding a $500,000 ransom in exchange for proof of data deletion.
According to the actor, the allegedly compromised data includes:
-
Corporate Intelligence & Reconnaissance, which exposes Developer Metadata (.DS_Store files), internal Infrastructure Naming Maps, and Supply Chain Intel confirming integration with Pearson.
-
Technical Secrets & Logic files, consisting of Hardcoded Logic (user.js & data.js), Configuration Metadata (JSON files) leaking API endpoints, and Project “Skeleton” XML files.
-
Stolen Intellectual Property, encompassing Teacher Answer Keys, Proprietary Curriculum PDFs, and Interactive Source Code for teaching modules.
-
Media & Branding Assets, including branded graphics, training videos, and Phishing Kits designed to mimic Stride Learning or Pearson login portals.
-
The threat actor claims that no student or teacher information was compromised during the incident, and that the stolen files consist entirely of corporate assets and intellectual property.












