Santa Clara-based Chegg, a prominent education technology firm specializing in textbook rentals has confirmed a data breach that affects some 40 million customers.
In a filing with the Securities and Exchange Commission (SEC), the company revealed it would reset all its user passwords after hackers following the unauthorized access of a database that occurred in April.
Attackers managed to steal customers’ usernames, email addresses, shipping addresses and hashed passwords. Chegg insists it doesn’t believe any financial data was taken during the breach. The company also claimed hackers did not gain access to Social Security numbers.
As an overall consequence, the ed tech company is resetting the passwords of an estimated 40 million customers, informing them of the breach.
“On September 19, 2018, Chegg learned that on or around April 29, 2018, an unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib,” the company said. “The Company understands that the information that may have been obtained could include a Chegg user’s name, email address, shipping address, Chegg username, and hashed Chegg password. The investigation into the incident, which is supported by third-party forensics, is ongoing.”
Although the breach occurred in the first half of 2018, it was only discovered a week ago, details from the filing revealed.
Founded in 2005, the company is primarily known for its textbook rentals and online tutoring courses offered through its portal.
The $3.3 billion company, which went public in 2013, saw its stock slide by more than 10 percent following the disclosure.
Image credit: Pexels.