Threat Watch

Chegg Recently Discovered an April Breach; Resets 40 Million Passwords

Chegg is a publicly-traded corporation known for student assistant services with a reported 40 million subscribers. They were required to inform the SEC of a breach they suffered in April, which has led to the resetting of user passwords. The breach was discovered on September 19th and was reported to the SEC on the 25th. “Chegg takes the security of its users’ information seriously and will be initiating a password reset process for all user accounts,” said Chegg in its report to the SEC. Unknown attackers infiltrated a database that contained Chegg user information, as well as info from a Chegg subsidiary, EasyBib. Data such as names, email addresses, shipping addresses, usernames, and hashed passwords were exposed. Even though a significant amount of information was accessed, no social security numbers or financial data was compromised. An investigation is ensuing and Chegg is starting to report the breach to their users. They suffered the worst stock plunge by any firm since 2016–dropping twelve percent.

ANALYST NOTES