Sign In

Communications of the ACM

ACM News

F.T.C. Accuses Ed Tech Firm Chegg of 'Careless' Data Security

View as: Print Mobile App Share:

To settle the F.T.C.’s charges, the agency said Chegg had agreed to adopt a comprehensive data security program.

Credit: Chegg

The Federal Trade Commission on Monday cracked down on Chegg, an education technology firm based in Santa Clara, Calif., saying the company's "careless" approach to cybersecurity had exposed the personal details of tens of millions of users.

In a legal complaint, filed on Monday morning, regulators accused Chegg of numerous data security lapses dating to 2017. Among other problems, the agency said, Chegg had issued root login credentials, essentially an all-access pass to certain databases, to multiple employees and outside contractors. Those credentials enabled many people to look at user account data, which the company kept on Amazon Web Services' online storage system.

As a result, the agency said, a former Chegg contractor was able to use company-issued credentials to steal the names, email addresses and passwords of about 40 million users in 2018. In certain cases, sensitive details on students' religion, sexual orientation, disabilities and parents' income were also taken. Some of the data was later found for sale online.

From The New York Times
View Full Article



No entries found