Nov 01, 2022 13:01:00

Homework help service is being pursued by FTC over data leak of 40 million users, including details about sexual orientation and religion of some students

The U.S. Federal Trade Commission (FTC) has cracked down on Chegg, an educational technology company headquartered in Santa Clara, California, saying that the company's inattention to cybersecurity exposed the personal information of tens of millions of users. pointed out.

FTC Accuses Chegg Homework Help App of 'Careless' Data Security - The New York Times

https://www.nytimes.com/2022/10/31/business/ftc-chegg-data-security-legal-complaint.html

Chegg sued by FTC after suffering four data breaches within 3 years
https://www.bleepingcomputer.com/news/security/chegg-sued-by-ftc-after-suffering-four-data-breaches-within-3-years/

Chegg was founded in 2005 as a textbook rental service for college students, and later grew into an online learning site that rents electronic textbooks. Another Chegg service is a 'homework support platform' that allows you to quickly find answers to various academic questions for a monthly fee. Here, students can find answers to homework questions, or ask Chegg experts for answers to study and test questions.

In 2022, Chegg was sued by the FTC for failing to properly manage the personal information of tens of millions of customers and employees.

According to the FTC complaint, Chegg issued multiple employees and outsourced root login credentials, which are effectively all-access passes to certain databases, and used those credentials to create many unauthorized accounts. It was said that people were able to view user data stored in online storage.

As a result, Chegg's prime contractor stole the names, email addresses, and passwords of nearly 40 million users in 2018. The data also contains confidential information such as student religion, sexual orientation, parents' income, etc., which was later found to be sold on the net. This forced Chegg to reset the passwords of 40 million users.

A year later, another Chegg employee was phished, giving attackers access to Chegg's payroll system and revealing the birth dates and social security numbers of hundreds of employees. It was ready to be stolen.

Four other data breaches prompted the FTC to order Chegg to improve its operations, strengthen data security, introduce multi-factor authentication for users to protect their accounts, limit customer data collected and stored, requested to be able to access and delete the data.

In response, Chegg said, 'Chegg has agreed to adopt a comprehensive data security program. We have robust security measures in place and the incident described in our complaint occurred more than two years ago. 'Chegg is fully committed to protecting our users' data and has worked with reputable privacy organizations to improve our security measures and will continue to do so.' said.