Chegg, Inc.

In September 2018, the California Office of the Attorney General disclosed a data breach affecting Chegg, Inc., an education technology company. The incident, discovered around April 29, 2018, involved an unauthorized party accessing a database containing sensitive user information. The compromised data included names, email addresses, shipping addresses, usernames, and hashed passwords. While no financial details (e.g., credit card numbers or bank statements) were reported as stolen, the exposure of personal and login credentials posed significant risks. Hashed passwords, though encrypted, could still be vulnerable to cracking attempts, potentially leading to unauthorized account access or credential stuffing attacks across other platforms where users reused passwords. The breach highlighted vulnerabilities in Chegg’s data security measures, raising concerns about user privacy and the potential for downstream fraud or identity theft. Customers were advised to reset passwords and monitor accounts for suspicious activity, though the long-term reputational and operational impacts on Chegg remained a concern.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-140180

TPRM report: https://www.rankiteo.com/company/chegg-inc-

"id": "che019090625",
"linkid": "chegg-inc-",
"type": "Breach",
"date": "4/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Education Technology',
                        'location': 'California, USA',
                        'name': 'Chegg, Inc.',
                        'type': 'Corporation'}],
 'data_breach': {'data_encryption': 'Partially (hashed passwords)',
                 'data_exfiltration': 'Likely (unauthorized access to '
                                      'database)',
                 'personally_identifiable_information': ['names',
                                                         'email addresses',
                                                         'shipping addresses',
                                                         'usernames'],
                 'sensitivity_of_data': 'Moderate (hashed passwords, no '
                                        'financial data)',
                 'type_of_data_compromised': ['PII (Personally Identifiable '
                                              'Information)']},
 'date_detected': '2018-04-29',
 'date_publicly_disclosed': '2018-09-26',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Chegg, Inc. on September 26, 2018. It was '
                'discovered that, on or around April 29, 2018, an unauthorized '
                'party gained access to a database containing user data, which '
                'may have included names, email addresses, shipping addresses, '
                'usernames, and hashed passwords, although no financial '
                'information was reported as compromised.',
 'impact': {'data_compromised': ['names',
                                 'email addresses',
                                 'shipping addresses',
                                 'usernames',
                                 'hashed passwords'],
            'identity_theft_risk': 'Potential (PII exposed)',
            'payment_information_risk': 'None (no financial information '
                                        'compromised)',
            'systems_affected': ['user database']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'law_enforcement_notified': 'Yes (California Office of the '
                                          'Attorney General)'},
 'threat_actor': 'Unauthorized party',
 'title': 'Chegg, Inc. Data Breach (2018)',
 'type': 'Data Breach'}