- Hackers gained unauthorized access to the database that hosted Chegg’s user data.
- The compromised data includes names, email addresses, shipping addresses and hashed passwords of customers.
US-based education technology firm Chegg was hit by hackers back in April 2018. The firm is now planning to reset the passwords of 40 million customers. The company proposed the plan to reset user passwords when it reporting the breach to the US Securities and Exchange Commission (SEC).
Chegg submitted a report to the SEC on September 25 claiming that it discovered the breach on September 19. The firm found that attackers had gained unauthorized access to one of its databases that contained Chegg users’ data. The database also included sensitive information of Chegg’s family brands, such as EasyBib, according to Chegg’s report.
The data compromised by the breach includes users’ names, email addresses, shipping addresses, as well as the username and hashed passwords of Chegg accounts. The company claimed that no social security numbers or financial information were impacted by the breach.
“Chegg takes the security of its users’ information seriously and will be initiating a password reset process for all user accounts,” said Chegg in its SEC filing.
Chegg is currently still investigating the incident and will soon start to notify its 40 million users about the breach. After Chegg announced that it fell victim to a breach, the firm's stock plunged over 12 percent - the worst day of trading for firm since February 2016, CNBC reported.