By Zanna Shapiro
Chegg emailed users regarding a data breach that occurred in April 2018.
The email said:
“We recently discovered that some data from your Chegg.com account, or one of its family of student services, may have been acquired by an unauthorized party and I wanted to reach out to you directly to inform you of what happened.
“While our investigation into this matter continues, we are letting you know now because we value our relationship with you and we take the security of your information seriously.
“Our understanding is that the data that may have been obtained could include your name, email address, shipping address, Chegg username, and hashed Chegg password.
“Our current understanding is that no financial information such as credit card numbers, bank account information, or social security numbers was obtained. As a result, we will prompt you to change your Chegg.com or Chegg affiliate password upon login. If your password has been changed on or after September 26th, 2018, you will not be prompted to change it again.
“As a reminder, it is always good practice to use different passwords for different online accounts. To the extent that you used the same password on any websites or apps that you used on your Chegg account, we recommend changing those passwords as well.”
According to reporter Catalin Cimpanu, “Chegg said it discovered the hack a week ago, on September 19, but that the intrusion dates back to April 29.”
“The company said account passwords were protected by a hashing algorithm and were not stored in cleartext, albeit it did not mention which hashing algorithm.”
Chegg also said “hacker(s) did not gain access to Social Security numbers nor financial information, such as payment card or bank account numbers.”
“They [Chegg] certainly are not notifying the public very well. Seems focus is on guidance for stock price, not transparency,” said Phil Hill, an ed tech consultant.