Homework help site Chegg accused of leaking user data
Four incidents affected around 40 million Chegg users
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Homework help site Chegg has leaked sensitive consumer data on more than one occasion in previous years due to its below-par security, an official report has declared.
Apostfrom the US Federal Trade Commission (FTC) claims Chegg leakedidentity dataon more than 40 million consumers, casting serious doubts over its cybersecurity practices.
The FTC claimed that Chegg could have avoided most of these problems had it simply followed the basics of securing sensitive data. What’s more, the company also did not properly monitor its networks for attempts at unauthorized access and data theft.
Four major incidents
The FTC list of accusations includes the claims that Chegg didn’t require multi-factor authentication (MFA) for account access to its AWS S3 cloud databases, stored user and employee personal information in plain text,protected passwords with outdated cryptographic hash functions, did not provide adequate training for its employees and contractors, and did not set up processes for inventorying and deleting customer and employeedatathat was no longer needed.
All in all, the FTC listed four separate incidents: two involving the exposure of payroll information to scammers, one the leaking of sensitive material online and another where an executive’s email account was compromised.
What is phishing and how dangerous is it?>Phishing attacks are getting more and more sophisticated>Check out the best firewalls right now
This included one where an employee fell for a phishing attack and gave someone access to the employees’ direct deposit payroll information, one where a former contractor who used Chegg’s AWS credentials to take sensitive material from one of its S3 databases and ultimately leak it online, one in which a phishing attack resulted in the compromise of an executive’s email inbox, and one in which a senior employee responsible for payroll gave an intruder access to the company’s payroll system.
As a result, the attacker stole W-2 information on some 700 current and former employees, including birthdates and Social Security numbers.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Chegg settled its case with the FTC by agreeing to comprehensively restructure its data protection practices. Among other things, the company will now follow a schedule for the personal data it collects, why it collects it, and when it will ultimately delete it.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
How to turn off Meta AI
