Chegg—Chegg data breach exposed 40 million users' personal data including passwords stored in plain text

Apr 1, 2018

In April 2018, Chegg suffered a massive data breach exposing 40 million users' names, emails, addresses, and passwords - with 25 million passwords stored in plain text. The breach also exposed sensitive scholarship data including sexual orientation and disabilities. FTC investigation revealed Chegg had no written security policy, used weak encryption, shared a single AWS admin key across employees/contractors, and required no MFA for database access.

Scoring Impact

Topic	Direction	Relevance	Contribution
Data Security	-against	primary	-1.00
User Privacy	-against	primary	-1.00
Overall incident score =			-0.590

Score = avg(topic contributions) × significance (critical ×2) × confidence (0.59)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms Legal Action Oct 31, 2022 verified

FTC details Chegg data breach affecting 40 million users

FTC action revealed Chegg's security failures that led to breach exposing 40 million users' data, including passwords stored in plain text.

Related: Same Topics

Flutterwave · Lost ₦11 billion ($7M+) in security breach as perpetrators illegally transferred funds

Apr 1, 2024

Computacenter · Allegedly fired manager who reported Deutsche Bank security breach

Jul 1, 2023

LY Corporation · Suffered major data breach affecting 520,000 users due to shared infrastructure with Korean parent

Oct 9, 2023

ByteDance · China-based ByteDance employees repeatedly accessed nonpublic data of US TikTok users

Jun 17, 2022

Coinbase · Insider data breach exposed 69,461 customers' sensitive data, costing $355+ million

Dec 26, 2024