Educause Security Discussion mailing list archives

Re: Chegg Data Breach notification (Thanks to HIBP)


From: Blake M Bourgeois <bbour53 () LSU EDU>
Date: Fri, 16 Aug 2019 16:15:24 +0000

For what it is worth, we saw the data in the breach being leveraged as early as May 2018 and were able to finally 
confirm that the large number of account compromises then were a result of this breach.

As such, we had already reset a large number of accounts that were confirmed to be compromised last year. So, you may 
want to look back if you had any mass compromises/resets from that time period and see if they sync up with the 
accounts in HIBP.

Blake Bourgeois, GCED
Security Analyst 2, IT Security and Policy
Information Technology Services
Louisiana State University
Office 225-578-1218
bbour53 () lsu edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Connelly
Sent: Friday, August 16, 2019 8:31 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Chegg Data Breach notification (Thanks to HIBP)

Yes, yes, no.  For all similar reports that include a password in the stolen data, we send this message to the affected 
accounts.

In April 2018, the textbook rental service Chegg suffered a data 
breach<https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/>
 that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored 
as unsalted MD5 hashes.

There are several things that you should do, depending upon your circumstances:

  *   If the password you used at Chegg was the same as your uni.edu CatID passphrase, you must change your CatID 
passphrase immediately.  To do that, log in to the UNI portal/MyUNIverse and find the link in the "My Account" applet in 
the upper right corner of the screen.
  *   If Chegg has provided information about changing your Chegg password, you should follow those instructions.  If 
you have not heard from Chegg about your stolen account information, you should log in to the Chegg website and change 
your password now.
  *   If the password you used on Chegg was also used on other sites, you should also change your password on those 
other sites.  It is never a good idea to share passwords between sites.  There are password managers that can help you 
maintain distinct passwords on different sites and also safely store those to enable easy access when needed.  Two 
examples that I use are LastPass and KeePass.  They have somewhat different functionality, but are both good options.

Thanks for your attention to this matter.

Feel free to steal and adapt as you wish.

-ken
On 8/16/19 8:03 AM, Frank Barton wrote:
Good morning folks,

I'm sure a bunch of you got similar notifications this morning that $BIGNUM accounts at your domain were impacted by 
the April 2018 Chegg Data breach.

We are looking at how we want to address this, as I'm sure that many students use the same password everywhere.

Have any of you decided how you are going to address this?
Are you notifying impacted users?
Are you requiring a password reset for campus systems?

Thank You
Frank

--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community



--

- Ken

=================================================================

Ken Connelly                       Director, Information Security

Information Security Officer          University of Northern Iowa

email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010



Any request to divulge your UNI password via e-mail is fraudulent!

