1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Homework help site Chegg accused of leaking user data

    From TechnologyDaily@1337:1/100 to All on Tue Nov 1 18:15:03 2022
    Homework help site Chegg accused of leaking user data

    Date:
    Tue, 01 Nov 2022 18:00:04 +0000

    Description:
    Chegg settles with the FTC, agrees to completely overhaul its cybersecurity practices.

    FULL STORY ======================================================================

    Homework help site Chegg has leaked sensitive consumer data on more than one occasion in previous years due to its below-par security, an official report has declared.

    A post from the US Federal Trade Commission (FTC) claims Chegg leaked
    identity data on more than 40 million consumers, casting serious doubts over its cybersecurity practices.

    The FTC claimed that Chegg could have avoided most of these problems had it simply followed the basics of securing sensitive data. Whats more, the
    company also did not properly monitor its networks for attempts at unauthorized access and data theft. Four major incidents

    The FTC list of accusations includes the claims that Chegg didnt require multi-factor authentication (MFA) for account access to its AWS S3 cloud databases, stored user and employee personal information in plain text, protected passwords with outdated cryptographic hash functions , did not provide adequate training for its employees and contractors, and did not set up processes for inventorying and deleting customer and employee data that
    was no longer needed.

    All in all, the FTC listed four separate incidents: two involving the
    exposure of payroll information to scammers, one the leaking of sensitive material online and another where an executives email account was
    compromised. Read more

    What is phishing and how dangerous is it?


    Phishing attacks are getting more and more sophisticated


    Check out the best firewalls right now

    This included one where an employee fell for a phishing attack and gave someone access to the employees direct deposit payroll information, one where a former contractor who used Cheggs AWS credentials to take sensitive
    material from one of its S3 databases and ultimately leak it online, one in which a phishing attack resulted in the compromise of an executives email inbox, and one in which a senior employee responsible for payroll gave an intruder access to the companys payroll system.

    As a result, the attacker stole W-2 information on some 700 current and
    former employees, including birthdates and Social Security numbers.

    Chegg settled its case with the FTC by agreeing to comprehensively
    restructure its data protection practices. Among other things, the company will now follow a schedule for the personal data it collects, why it collects it, and when it will ultimately delete it. These are the best privacy tools out there



    ======================================================================
    Link to news story: https://www.techradar.com/news/homework-help-site-chegg-accused-of-leaking-use r-data/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)