Chegg security breach exposes 130 Rice accounts
Over 130 Rice accounts had their email addresses and passwords exposed as part of a breach that swept Chegg, a textbook rental and homework help company, over a year ago, according to Marc Scarborough, chief information security officer at the Office of Information Technology.
Chegg disclosed a security breach affecting its approximately 40 million accounts on Sept. 25, 2018, according to CNBC. Of those 40 million breached accounts, 1,976 were registered with a Rice email address, and of those 1,976, more than 130 used a Rice NetID password on the Chegg site, according to Scarborough.
Scarborough said the Information Security Office subscribes to an intelligence and threat sharing service that notified them on Aug. 16 that information from 1,976 Rice email addresses had been stolen from Chegg and posted online.
Scarborough said the effects seen by students with affected accounts as a result of the breach were minimal.
“If the student used the Chegg service with their Rice email address and actual Rice NetID password, instead of using a unique one for the non-Rice service, then attackers attempted to use their exposed passwords to send spam,” Scarborough said. “We are not aware of other fraudulent uses of their passwords.”
Scarborough said the OIT checked the 130 breached passwords to see if any were currently in use in Rice’s system; if they were, the OIT locked the accounts.
Q Tabarestani, a Hanszen College senior, said he received an email from Rice last week regarding the security breach telling him to change his NetID password.
“The email itself seemed a little sketchy since it was sent twice, the first time just containing a bunch of coding gibberish,” Tabarestani said. “I thought the email from Rice was also a phishing scheme so I did not change my password.”
When he could not log into his Canvas or email the next afternoon, Tabarestani said he “freaked out” and contacted Hanna Gratch, the OIT ambassador at Hanszen. Gratch’s boss informed Tabarestani that the OIT had locked his accounts under the suspicion that they had been hacked.
Tabarestani said the OIT was very helpful in unlocking his accounts when he visited them the next morning but that he wished they would notify students when they locked accounts.
“Overall, the experience was very nerve-wracking, especially during the period where I could not contact anyone from the office,” Tabarestani said.
Daniel Pham, a McMurtry College senior, said he discovered he was part of the security breach after he reached out to the OIT when he could not log into his Google Calendar. He said that having his account locked was inconvenient but overall was “not a big deal.”
“It was just annoying because I was waiting on a job offer, and I couldn’t check my email or do my homework in Canvas,” Pham said.
According to Scarborough, affected students should change the passwords they used for their Chegg accounts everywhere else they used it, or else they could continue to be affected by the breach.
“Do not use your Rice email address and Rice password to create accounts on non-Rice services like Chegg, Instagram, Amazon, etc.,” Scarborough said. “Those that created a new password for their Chegg account were not affected. Password managers, such as 1Password and LastPass, are helpful in managing multiple passwords.”
More from The Rice Thresher
Students returning to campus in the upcoming fall semester will have to adjust to a number of precautionary changes all subject to change, such as rearranged housing, bathroom schedules and mandated COVID-19 testing, implemented in efforts to protect against the spread of COVID-19, according to an email sent July 1 by Dean of Undergraduates Bridget Gorman.
The Lovett College Orientation Week coordinator team reopened advisor applications to add additional advisors and to create an additional O-Week team after some students raised concerns about a lack of Black advisors at Lovett. This comes after previous years in which residential college advising teams have been criticized for lacking diversity.
“We cannot ignore the very real and very problematic history of the man who founded this institution,” Gabrielle Falcon (Martel ‘20) said. “Progress is inevitable and I would hope that Rice would do its best to join the wave of progress we have been seeing this summer, instead of making pointed decisions to prevent it from flourishing.”