Educause Security Discussion mailing list archives
Re: Chegg Data Breach notification (Thanks to HIBP)
From: Ken Connelly <ken.connelly () UNI EDU>
Date: Fri, 16 Aug 2019 08:31:01 -0500
Yes, yes, no. For all similar reports that include a password in the stolen data, we send this message to the affected accounts.

In April 2018, the textbook rental service Chegg suffered a data breach <https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/> that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes.

There are several things that you should do, depending upon your circumstances:

* If the password you used at Chegg was the same as your uni.edu CatID passphrase, you must change your CatID passphrase immediately. To do that, log in to the UNI portal/MyUNIverse and find the link in the "My Account" applet in the upper right corner of the screen.
* If Chegg has provided information about changing your Chegg password, you should follow those instructions. If you have not heard from Chegg about your stolen account information, you should log in to the Chegg website and change your password now.
* If the password you used on Chegg was also used on other sites, you should also change your password on those other sites.

It is never a good idea to share passwords between sites. There are password managers that can help you maintain distinct passwords on different sites and also safely store those to enable easy access when needed. Two examples that I use are LastPass and KeePass. They have somewhat different functionality, but are both good options.

Thanks for your attention to this matter.

Feel free to steal and adapt as you wish.

-ken

On 8/16/19 8:03 AM, Frank Barton wrote:
Good morning folks,

I'm sure a bunch of you got similar notifications this morning that $BIGNUM accounts at your domain were impacted by the April 2018 Chegg Data breach.

We are looking at how we want to address this, as I'm sure that many students use the same password everywhere.

Have any of you decided how you are going to address this? Are you notifying impacted users? Are you requiring a password reset for campus systems?

Thank You
Frank

--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
--
- Ken
=================================================================
Ken Connelly
Director, Information Security
Information Security Officer
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!