Why did I get an email about Chegg?
The Queen’s IT Services Security team recently became aware of a data breach at Chegg (a textbook rental and online tutoring service). This event may have potentially affected multiple student accounts here at Queen’s. As a precaution, the Queen’s IT Services will expire the passwords of any Queen’s account found to be listed on the breached Chegg accounts list and who have not changed their passwords since September 23, 2019.
If you received an email message, you will be asked to reset your password before IT Services expires the account password.
We also encourage you to take the following actions to better protect yourself and your information:
Do not reuse passwords across your accounts.
If you have used your Queen’s password on multiple sites we strongly encourage you to change that password on every other site where it has been used.
What data was compromised?
Any user who created an account on the Chegg website using their Queen’s email address or NetID was potentially included in the breach. If the user also supplied the same password as that used with their Queen’s account, then the user’s Queen’s account was potentially compromised.
Chegg reported that the exposed data could include the user’s name, email address, shipping address, username, and password for all accounts created on the Chegg website.
Why is Queen’s expiring passwords for potentially breached accounts?
Queen’s has been monitoring the issue and has observed a significant increase in the number of compromised accounts beginning approximately September 25, 2019. After identifying the trend, the compromised accounts were traced to those which were part of the Chegg data breach. Queen’s IT Services are taking this action to prevent further account compromises by expiring the passwords of all accounts associated with the same Chegg breach.
What caused the data breach?
We have no information from Chegg about the cause of the breach.