Chegg security breach exposes 130 Rice accounts
Over 130 Rice accounts had their email addresses and passwords exposed as part of a breach that swept Chegg, a textbook rental and homework help company, over a year ago, according to Marc Scarborough, chief information security officer at the Office of Information Technology.
Chegg disclosed a security breach affecting its approximately 40 million accounts on Sept. 25, 2018, according to CNBC. Of those 40 million breached accounts, 1,976 were registered with a Rice email address, and of those 1,976, more than 130 used a Rice NetID password on the Chegg site, according to Scarborough.
Scarborough said the Information Security Office subscribes to an intelligence and threat sharing service that notified them on Aug. 16 that information from 1,976 Rice email addresses had been stolen from Chegg and posted online.
Scarborough said the effects seen by students with affected accounts as a result of the breach were minimal.
“If the student used the Chegg service with their Rice email address and actual Rice NetID password, instead of using a unique one for the non-Rice service, then attackers attempted to use their exposed passwords to send spam,” Scarborough said. “We are not aware of other fraudulent uses of their passwords.”
Scarborough said the OIT checked the 130 breached passwords to see if any were currently in use in Rice’s system; if they were, the OIT locked the accounts.
Q Tabarestani, a Hanszen College senior, said he received an email from Rice last week regarding the security breach telling him to change his NetID password.
“The email itself seemed a little sketchy since it was sent twice, the first time just containing a bunch of coding gibberish,” Tabarestani said. “I thought the email from Rice was also a phishing scheme so I did not change my password.”
When he could not log into his Canvas or email the next afternoon, Tabarestani said he “freaked out” and contacted Hanna Gratch, the OIT ambassador at Hanszen. Gratch’s boss informed Tabarestani that the OIT had locked his accounts under the suspicion that they had been hacked.
Tabarestani said the OIT was very helpful in unlocking his accounts when he visited them the next morning but that he wished they would notify students when they locked accounts.
“Overall, the experience was very nerve-wracking, especially during the period where I could not contact anyone from the office,” Tabarestani said.
Daniel Pham, a McMurtry College senior, said he discovered he was part of the security breach after he reached out to the OIT when he could not log into his Google Calendar. He said that having his account locked was inconvenient but overall was “not a big deal.”
“It was just annoying because I was waiting on a job offer, and I couldn’t check my email or do my homework in Canvas,” Pham said.
According to Scarborough, affected students should change the passwords they used for their Chegg accounts everywhere else they used it, or else they could continue to be affected by the breach.
“Do not use your Rice email address and Rice password to create accounts on non-Rice services like Chegg, Instagram, Amazon, etc.,” Scarborough said. “Those that created a new password for their Chegg account were not affected. Password managers, such as 1Password and LastPass, are helpful in managing multiple passwords.”
More from The Rice Thresher
Local Foods launches in newly renovated Brochstein space
Local Foods Market opened at Brochstein Pavilion Nov. 19, replacing comfort food concept Little Kitchen HTX. The opening, previously scheduled for the end of September, also features interior renovations to Brochstein. Local Foods is open from 8 a.m. to 6 p.m. on weekdays and 9 a.m. to 5 p.m. on weekends.
Scan, swipe — sorry
Students may need to swipe their Rice IDs through scanners before entering future public parties, said dean of undergraduates Bridget Gorman. This possible policy change is not finalized, but in discussion among student activities and crisis management teams.
Energy summit talks the policy behind power
The 16th annual Rice Energy Finance Summit was held at Jones Business School Nov. 15. Speakers from the energy industry discussed topics including renewable energy, the Texas power grid and the future of energy policy under a second Trump administration.
Please note All comments are eligible for publication by The Rice Thresher.