Breach of the Week: Chegg Data Breach


BOTW Chegg

What happened:

Chegg, an education technology company has announced that the company suffered a data breach.

The breach occurred in April, but it was only discovered last week on September 19. The unauthorized party gained access to a company database that hosts user data for Chegg.com. It is estimated that the hackers accessed the data of 40 million customers.

While the investigation is still ongoing, the hackers potentially accessed personal data including names and shipping addresses as well as personal digital data including email addresses, Chegg.com usernames, and passwords. No Social Security or financial information was accessed.

Chegg account passwords are protected by a hashing algorithm rather than being stored in cleartext. The type of hashing algorithm was not released. This is notable because many algorithms can be broken revealing the plaintext password.  The company announced that it will be initiating the resetting of passwords.

How the hackers gained access is currently unknown.