Chegg, a US-based education technology company based in Santa Clara, plans to reset passwords for over 40 million users following the discovery of a security incident dating back to this year’s spring.
Also: Cheat sheet: How to become a cybersecurity pro TechRepublic
Chegg said it discovered the hack a week ago, on September 19, but that the intrusion dates back to April 29.
“An unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib,” said Chegg in its SEC filing.
An investigation is currently ongoing. Chegg said the hacker(s) “may have” gained access to user data such as names, email addresses, shipping addresses, Chegg.com usernames, and Chegg.com passwords.
The company said account passwords were protected by a hashing algorithm and were not stored in cleartext, albeit it did not mention which hashing algorithm. This is important as many of these algorithms can be broken and the passwords reverted to their plaintext forms.
Chegg said hacker(s) did not gain access to Social Security numbers nor financial information, such as payment card or bank account numbers.
The ed tech company said it plans to reset passwords and notify its userbase, estimated at over 40 million.
Phil Hill, an ed tech consultant who first spotted the SEC form, confirmed that Chegg had not yet started the notification process today, a day after the 8-K filing.
“I get that the company needs to notify the SEC, being a publicly traded company, but they certainly are not notifying the public very well. Seems focus is on guidance for stock price, not transparency,” said Hill.
Tech news site TechCrunch first broke the story, noting that Chegg’s stock price went down 10 percent after news of the hack hit Wall Street.
Chegg was founded in 2005 and is largely known for its online tutoring and textbook rentals services offered through the chegg.com portal.
Previous and related coverage:
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware – and how to avoid falling victim to attacks.
This simple advice will help to protect you against hackers and government surveillance.
Whether you’re in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
Fruitfly malware author used port scanning with weak or no passwords to identify potential victims.
The evolving IoT botnet is able to compromise an impressive array of architectures.
The self-proclaimed Apple fan stole roughly 90GB of confidential data from the iPad and iPhone maker.