Incident Details
The educational platform Chegg Inc. suffered a data breach in April 2018, which resulted in the exposure of sensitive data on over 40 million users due to a former contractor who misused AWS root credentials.
Incident
How Did the Breach Happen?
A former contractor retained access to Chegg's AWS account using root credentials after their contract ended. Chegg did not employ reasonable access controls, did not enable multi-factor authentication, and used a weak hashing algorithm for user passwords.
What Data has been Compromised?
The compromised data included users' email addresses, names, passwords, and for some users, their Scholarship Search Data, which comprised religious denomination, heritage, date of birth, parents' income range, sexual orientation, and disabilities.
Why Did the Company's Security Measures Fail?
The company's security measures failed due to the lack of individual access credentials for employees, not using IAM for access to customer data in S3, no requirement for MFA on the AWS root account, not rotating access keys for S3, and inadequate monitoring for unauthorized data exfiltration.
What Immediate Impact Did the Breach Have on the Company?
An online forum contained 25 million Chegg user passwords in plain text. Chegg responded to the breach by requiring 40 million customers to reset their passwords.
How could this have been prevented?
The breach could have been prevented by employing adequate access controls and monitoring, using IAM for data access, requiring multi-factor authentication, rotating access keys, and encrypting sensitive data.
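Several of the failures listed above (no MFA on the root account, the root account used for day-to-day access, access keys never rotated) are visible in an account's IAM credential report. The following is an added example, not Chegg's tooling or code from the original page: it parses a credential report in the CSV layout returned by `aws iam get-credential-report` (a subset of the real columns) and flags those conditions. The sample rows, account id and user names are constructed for the illustration, and the 90-day key age limit is an assumed policy value.

```python
"""Flag root-without-MFA, active root keys and stale access keys in an IAM
credential report (added example; sample data and thresholds are constructed)."""
import csv
import io
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Constructed sample: a subset of the credential report columns. Account id,
# users and timestamps are invented and do not describe any real account.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2016-01-10T00:00:00+00:00,not_supported,2018-04-28T09:12:00+00:00,false,true,2016-01-10T00:00:00+00:00,false,N/A
shared-deploy,arn:aws:iam::123456789012:user/shared-deploy,2017-03-01T00:00:00+00:00,false,N/A,false,true,2017-03-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2018-02-01T00:00:00+00:00,true,2018-04-20T08:00:00+00:00,true,true,2018-04-01T00:00:00+00:00,false,N/A
"""

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation policy
ROOT_USER = "<root_account>"      # value AWS uses in the report's user column


def parse_ts(value: str) -> Optional[datetime]:
    """Report cells may hold a placeholder instead of a timestamp."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv: str, now: datetime,
                            max_key_age: timedelta = MAX_KEY_AGE) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for each weakness found in the report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        # MFA is expected on root and on every user that can sign in with a password.
        if row["mfa_active"] != "true" and (is_root or row["password_enabled"] == "true"):
            findings.append((user, "no MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            # Root should have no long-lived keys at all; IAM identities should be used instead.
            if is_root:
                findings.append((user, f"root access key {n} active"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is not None and now - rotated > max_key_age:
                findings.append((user, f"access key {n} older than {max_key_age.days} days"))
    return findings


if __name__ == "__main__":
    as_of = datetime(2018, 4, 30, tzinfo=timezone.utc)  # constructed audit date
    for user, finding in audit_credential_report(SAMPLE_REPORT, as_of):
        print(f"{user}: {finding}")
```

Against a real account the same function can be fed the decoded `Content` field of `aws iam get-credential-report`; the report only tells you about credentials that still exist, so it complements, rather than replaces, the offboarding step that removes a departed contractor's access in the first place.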
What have we learned from this data breach?
This data breach has shown the importance of stringent security controls, such as strong access management, multi-factor authentication, data encryption, and regular security assessments to prevent unauthorized access and data leakage.
Summary of Coverage
Chegg Inc. faced a significant data breach due to lax security measures which allowed a former contractor to access and exfiltrate personal data of approximately 40 million users. The breach serves as a critical lesson on the necessities of robust security protocols and proactive data protection strategies.