Chegg security breach exposes 130 Rice accounts
Over 130 Rice accounts had their email addresses and passwords exposed as part of a breach that swept Chegg, a textbook rental and homework help company, over a year ago, according to Marc Scarborough, chief information security officer at the Office of Information Technology.
Chegg disclosed a security breach affecting its approximately 40 million accounts on Sept. 25, 2018, according to CNBC. Of those 40 million breached accounts, 1,976 were registered with a Rice email address, and of those 1,976, more than 130 used a Rice NetID password on the Chegg site, according to Scarborough.
Scarborough said the Information Security Office subscribes to an intelligence and threat sharing service that notified them on Aug. 16 that information from 1,976 Rice email addresses had been stolen from Chegg and posted online.
Scarborough said the effects seen by students with affected accounts as a result of the breach were minimal.
“If the student used the Chegg service with their Rice email address and actual Rice NetID password, instead of using a unique one for the non-Rice service, then attackers attempted to use their exposed passwords to send spam,” Scarborough said. “We are not aware of other fraudulent uses of their passwords.”
Scarborough said the OIT checked the 130 breached passwords to see if any were currently in use in Rice’s system; if they were, the OIT locked the accounts.
Q Tabarestani, a Hanszen College senior, said he received an email from Rice last week regarding the security breach telling him to change his NetID password.
“The email itself seemed a little sketchy since it was sent twice, the first time just containing a bunch of coding gibberish,” Tabarestani said. “I thought the email from Rice was also a phishing scheme so I did not change my password.”
When he could not log into his Canvas or email the next afternoon, Tabarestani said he “freaked out” and contacted Hanna Gratch, the OIT ambassador at Hanszen. Gratch’s boss informed Tabarestani that the OIT had locked his accounts under the suspicion that they had been hacked.
Tabarestani said the OIT was very helpful in unlocking his accounts when he visited them the next morning but that he wished they would notify students when they locked accounts.
“Overall, the experience was very nerve-wracking, especially during the period where I could not contact anyone from the office,” Tabarestani said.
Daniel Pham, a McMurtry College senior, said he discovered he was part of the security breach after he reached out to the OIT when he could not log into his Google Calendar. He said that having his account locked was inconvenient but overall was “not a big deal.”
“It was just annoying because I was waiting on a job offer, and I couldn’t check my email or do my homework in Canvas,” Pham said.
According to Scarborough, affected students should change the passwords they used for their Chegg accounts everywhere else they used it, or else they could continue to be affected by the breach.
“Do not use your Rice email address and Rice password to create accounts on non-Rice services like Chegg, Instagram, Amazon, etc.,” Scarborough said. “Those that created a new password for their Chegg account were not affected. Password managers, such as 1Password and LastPass, are helpful in managing multiple passwords.”
More from The Rice Thresher
Two days after the elections ballot was approved by the Student Association, multiple concerns have arisen, including possible constitutional violations and Kevin Guo potentially dropping out from the only contested Student Association race — the race between John Cook and Guo for the treasurer’s role.
The Thresher reached out to candidates running for election in all blanket tax organizations: Student Association, Rice Rally Club, Rice Program Council, the Rice Thresher, Rice Campanile, Honor Council, Rice Student Volunteering Program and KTRU Radio. Candidates marked with an * did not respond to requests for comment, and their statement is copied from the SA’s website. Currently, the only contested roles are: SA Treasurer, Honor Council Sophomore Representative and Rice Program Council President.
To prepare for its reopening this past Monday, Willy’s Pub implemented a camera and ID scanner system at the bar’s entrance. Pub was closed for the first few weeks of the semester following Texas Alcoholic Beverage Commission violations in December at the “Last Pub of the Decade” event, according to Frank Rodriguez, board president of Valhalla & Willy’s Permits, which oversees the licenses of Pub and Valhalla.