• HOME

  • ABOUT

  • SOLUTIONS

  • PAPERS AND PUBLICATIONS

  • CONTACT

  • Blog

  • More

    washingtoncybercenter.com

    © 2023 by Marketing Solutions. Proudly created with Wix.com

    Cybersecurity, the Holiday Season and the Grinch

    December 6, 2019

    Cybersecurity, Vendors and Stolen Laptops

    December 2, 2019

    Cybersecurity and Dental Services

    November 29, 2019

    Cybersecurity and IT Firms

    November 25, 2019

    Cybersecurity and Small Town Attacks

    November 22, 2019

    Cybersecurity and Online Gaming

    November 18, 2019

    Cybersecurity, Backup Services and Ransomware

    November 15, 2019

    Cybersecurity, PLCs and DoS

    November 4, 2019

    Cybersecurity and Student Loans

    November 1, 2019

    Cybersecurity, Automobiles and Inverter Issues

    October 28, 2019

    Please reload

    Recent Posts

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Featured Posts

    Data breach at ed tech

    November 5, 2018

    |

    Charles Parker, II

    Data breach at Chegg Inc. is a publicly traded company, which went public in 2013. The company, based in the US, rents online textbooks, and offers tutorials. Thus, the company does hold and manage sensitive and confidential client information. As this is the case, and the data is very marketable, the company would naturally be a target.

     

    Issue!

    The company was targeted and experienced a data breach. Chegg learned of the breach on September 19, 2018. This is the good news. The company could not have known about this breach at all, and the clients could have been none the wiser. The company detecting this was good for the parties involved. The bad news is the breach occurred on or about April 9, 2018. The attackers could have been in the company's systems for months, unfettered and acquiring the information they wanted. The attackers had the potential to harvest all the data they wanted. Chegg began to notify the affected clients on September 26, 2018. The notice stated the clients' data and other information had been accessed.


    This compromise, beginning in late April 2018 by an unauthorized party or group accessed a company database with their user's data, including the names, emails, shipping addresses, and hashed passwords. Granted the passwords being hashed is a good thing. The curiosity and potential issue is the hashing algorithm was not disclosed. This could have been very weak, and subsequently vulnerable. This also affected the data of its subsidiary Easybib.


    Remediation

    This was a rather serious breach. Due to the client's information being accessed by the unauthorized party, Chegg needed to reset the passwords. This was a rather substantial project, as there were 40M users overall who needed to do this.

     

    Resources

    Cimpanu, c. (2018, September 26). Chegg to reset passwords for 40 million users after April 2018 hack. Retrieved from https://www.zdnet.com/article/chegg-to-reset-passwords-for-40-users-after-april-2018-hack/


    Pymnts. (2018, September 27). Chegg hack hits 40M customers. Retrieved from https://www.pymnts.com/news/securityandrisk/2018/chegg-data-breach/


    Reed, J.R. (2018, September 26). Ed tech company chegg plunges after disclosing data breach. Retrieved from https://www.cnbc.com/2018/09/26/ed-tech-company-chegg-plunges-after-disclosing-data-breach.html

    Reed, J.R. (2018, September 26). Online textbook rental and tutorial company chegg plunges after disclosing data breach. Retrieved from https://sg.finance.yahoo.com/news/online-textbook-rental-tutorial-company-191100361.html


    Securities and Exchange Commissioner (SEC). (2018, September 25). Form 8-K. Retrieved from https://www.sec.gov/Archives/edgar/data/1364954/000136495418000187/cyrus.htm


    Surran, C. (2018, September 26). Chegg -12% after disclosing data breach; reaffirms Q3 guidance. Retrieved from https://seekingalpha.com/news/3393207-chegg-minus-12-percent-disclosing-data-breach-reaffirms-q3-guidance


    Whittaker, Z. (2018, September 26). Chegg resets 40 million user passwords after data breach. Retrieved from https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/  

     

    About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

    Share on Facebook
    Share on Twitter
    Please reload

    Follow Us

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Search By Tags

    December 2019 (2)

    November 2019 (7)

    October 2019 (7)

    September 2019 (9)

    August 2019 (10)

    July 2019 (8)

    June 2019 (9)

    May 2019 (10)

    April 2019 (9)

    March 2019 (10)

    February 2019 (8)

    January 2019 (9)

    December 2018 (8)

    November 2018 (9)

    October 2018 (9)

    September 2018 (7)

    August 2018 (9)

    July 2018 (9)

    June 2018 (11)

    May 2018 (6)

    April 2018 (9)

    March 2018 (9)

    February 2018 (8)

    January 2018 (6)

    December 2017 (8)

    November 2017 (7)

    October 2017 (10)

    September 2017 (9)

    August 2017 (10)

    July 2017 (8)

    June 2017 (10)

    May 2017 (8)

    April 2017 (7)

    March 2017 (8)

    February 2017 (7)

    January 2017 (8)

    December 2016 (11)

    November 2016 (14)

    October 2016 (14)