Chegg’s 40 m Users to be Issued Fresh Passwords in the Aftermath of Hack

Education technology firm Chegg situated in Santa Clara, USA is considering creating fresh passwords for more than 40m consumers after it discovered one security breach occurring earlier this year. Founded during 2005, Chegg provides textbook rental and online tutoring services through its chegg.com portal. The said breach affected database comprising those related to Chegg website users as well as the firm's EasyBib citation service. Chegg informed about the breach through one 8-K form [1, 2] it submitted to the Securities and Exchange Commission, 25th September, 2018.

It's only on 19th September that Chegg uncovered the hack, it reported within its filing with the SEC; however, the intrusion occurred on April 29, 2018. According to the firm, an unauthorized entity acquired admission into Chegg's company database which supports consumer data obtained from chegg.com along with one of the firm's brand groups, namely EasyBib. In 2013, Chegg opened up for the public, so now its valuation is $3.3bn.

The security breach against Chegg is presently undergoing investigation. Chegg presumes the cyber thugs managed getting hold over user data like e-mail ids, names, usernames and passwords for the firm's website, and postal addresses.

Incidentally, Chegg uses certain hashing algorithm to protect account passwords, while it doesn't save the credentials in cleartext. However, the firm didn't tell the name of the hashing algorithm it uses, which's significant since a lot of algorithms are easy to crack with the passwords taken back in their plaintext styles.

In its filing Chegg further stated that the hackers couldn't get their hold over either bank account/payment card details or Social Security Numbers of its consumers. Meanwhile, the notification procedure by Chegg, according to Phil Hill a consultant for education technology, hadn't yet begun the next day of the 8-K form's submission.

Hill said the firm in his opinion required informing the SEC because of its nature of getting traded publicly. However, the firm appeared as putting more attention on its stock price than notifying the common people appropriately.

TechCrunch a technology news website scooped about Chegg's fallback, indicating the downward trend of the firm's stock price by 10% following the hack.

» SPAMfighter News - 10/2/2018