[BreachExchange] Thinkful confirms data breach days after Chegg’s $80M acquisition

Destry Winant destry at riskbasedsecurity.com
Fri Sep 20 09:58:13 EDT 2019 

https://techcrunch.com/2019/09/19/thinkful-data-breach-chegg-acquisition/

Thinkful,  an online education site for developers, has confirmed a
data breach, just days after it confirmed it would be acquired.

“We recently discovered that an unauthorized party may have gained
access to certain Thinkful company credentials so, out of an abundance
of caution, we are notifying all of our users,” said Erin Rosenblatt,
the company’s vice-president of operations, in an email to users.

“As soon as we discovered this unauthorized access, we promptly
changed the credentials, took additional steps to enhance the security
measures we have in place, and initiated a full investigation,” the
executive said.

At the time of writing, there has been no public acknowledgement of
the breach beyond the email to users.

Thinkful, based in Brooklyn, New York, provides education and training
for developers and programmers. The company claims the vast majority
of its graduates get jobs in their field of study within a half-year
of finishing their program. Earlier this month, education tech giant
Chegg bought Thinkful for $80 million in cash.

But the company would not say when the breach happened — or if Chegg
knew of the data breach prior to the acquisition announcement.

A spokesperson for Chegg did not respond to a request for comment.
Thinkful spokesperson Catherine Zuppe did not respond to several
emails of questions about the breach.

The email to users said the stolen credentials could not have granted
the hacker access to certain information, such as government-issued
IDs and Social Security numbers, or financial information. But
although the company said it’s seen “no evidence” of any unauthorized
access to users’ account data, it did not rule out any improper access
to user data.

Thinkful said it is requiring all users to change their passwords.

We also asked Thinkful what security measures it has employed since
the credentials breach, such as employing two-factor authentication,
but did not hear back.

Just months earlier, Chegg confirmed a data breach, which forced the
online technology giant to reset the passwords of its 40 million
users.

At least Thinkful is now in good company.

More information about the BreachExchange mailing list