Educause Security Discussion mailing list archives

Re: Chegg Data Breach notification (Thanks to HIBP)


From: Brandon Hume <brandon.hume () DAL CA>
Date: Mon, 23 Sep 2019 21:23:35 +0000

On 2019-09-23 4:33 p.m., Barton, Robert W. wrote:
> If they have done their work in some areas, but not others, the site password should be a hash anyway and thus of
> limited (no) use.  Although, if the passwords are kept in a non-encrypted format, I can see where knowing what people
> are using for passwords could give you a good idea as to IF they are using good password hygiene/policy.


According to reports the original dump had the passwords in MD5 format, so only one or two steps off from cleartext.  
I'm assuming the reason we're seeing this rush now is because some go-getter finally ran it through a rainbow table and 
put it out for the rest to swarm.

I can testify that while there have been some weak passwords, I've also seen some very strong passwords taken.  The
quality of the password really doesn't mean much when the attacker sees it clear as day.  The real issue is password
re-use in this case, and that's probably the best direction to take when communicating.

In the meanwhile... what's the high score?  We're closing in on two hundred compromised accounts so far, two of which 
showed themselves while I was actually writing this message.

And I have to say... while I've been a "cloud-resistant" individual, I have to admit O365's threat detection heuristics 
are really borderline magical.
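As an added illustration (not part of the original message) of the point above: an unsalted MD5 dump is one table lookup away from cleartext regardless of password strength, identical digests expose shared passwords before anything is cracked, and per-user salting with key stretching is what removes both problems. The candidate list and dump rows are constructed; `pbkdf2_hmac` stands in for whatever slow hash a site would actually use.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a precomputed (rainbow) table's input space.
CANDIDATES = ["password", "letmein", "qwerty123", "correct horse battery staple"]


def build_lookup(candidates):
    """Hash every candidate once. Without a salt the same table works against every
    unsalted MD5 dump ever leaked, which is why MD5 is 'one step from cleartext'."""
    return {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}


def reverse_unsalted(md5_hex, lookup):
    """Recover a password from an unsalted MD5 by table lookup (None if not in the table)."""
    return lookup.get(md5_hex)


def shared_password_groups(records):
    """Unsalted hashes leak equality: accounts with identical digests share a password
    even before anything is cracked. records is a list of (account, md5_hex)."""
    groups = {}
    for account, digest_hex in records:
        groups.setdefault(digest_hex, []).append(account)
    return [accounts for accounts in groups.values() if len(accounts) > 1]


def store_salted(password, iterations=200_000):
    """Per-user random salt plus key stretching: no table can be built ahead of time,
    and two users with the same password get unrelated stored records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_salted(password, salt, digest, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    lookup = build_lookup(CANDIDATES)
    # Constructed 'dump' of (account, unsalted MD5) rows; alice's passphrase is strong.
    dump = [("alice", hashlib.md5(b"correct horse battery staple").hexdigest()),
            ("bob", hashlib.md5(b"letmein").hexdigest()),
            ("carol", hashlib.md5(b"letmein").hexdigest())]
    for account, digest_hex in dump:
        print(account, "->", reverse_unsalted(digest_hex, lookup))
    print("shared password groups:", shared_password_groups(dump))
    salt, digest = store_salted("letmein")
    print("salted record in table:", reverse_unsalted(digest.hex(), lookup))
    print("verify:", verify_salted("letmein", salt, digest))
```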

