For all students out there using EasyBib, it’s time to reset your account passwords at Chegg. Reportedly, Chegg reset the passwords of its entire customer base after noticing a massive data breach that occurred earlier this year.
Chegg Resets Passwords of 40 Million Users
An education technology company “Chegg” reportedly suffered a massive breach a few months ago. The incident, however, remained hidden as the company didn’t notice the hack previously. Nonetheless, recently, an Ed-tech consultant and blogger, Phil Hill, stumbled upon an 8-K form filed with the SEC (Securities and Exchange Commission) that made him aware about the breach. He then broke the news in his tweet.
Chegg announces data breach from a week ago that includesdpersonal info but not financial info; will notify 40 million customers starting today. https://t.co/HDdZjhhwcy #edtech pic.twitter.com/1YESNDI4qx
— Phil Hill (@PhilOnEdTech) September 26, 2018
The contents of the form revealed a major hacking attempt on the firm’s database in April 2018, that made Chegg reset passwords of the entire user base. As stated in the form,
“On September 19, 2018, Chegg learned that on or around April 29, 2018, an unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib.”
Upon noticing the incident, Chegg began investigating the matter that revealed that the hackers might have accessed various customer details.
“The Company understands that the information that may have been obtained could include a Chegg user’s name, email address, shipping address, Chegg username, and hashed Chegg password.”
While the firm clearly states about hashed passwords, they didn’t mention any details about the hashing algorithm. Thus, the fear of breaking the hash to reveal plain-text passwords remains.
Financial Data Remained Safe
As a partial sigh of relief, the company stated in the form that the financial details of customers remained safe. They also mentioned that the breach also did not affect customers’ Social Security numbers.
“To date, the Company understands that no social security numbers or financial information such as users’ credit card numbers or bank account information were obtained.”
The firm allegedly began reporting the affectees about the breach from September 26, 2018. The attack affected the company’s customer base of 40 million. Consequently, the company plans to reset all users’ passwords for security purposes. The investigations are still underway to find out more details about the matter.