Education Site Thinkful Confirms Data Breach, Urges Users to Change Passwords

Days after Thinkful announced it has been acquired by Chegg for $80 million, the online developer education site confirmed Thursday, it has been hit by a data breach.

According to an email sent by the company to users, an unauthorized third party had managed to gain access to Thinkful’s employee accounts credentials, potentially compromising thousands of user accounts.

While the email didn’t give details about the hack or how many were affected, it emphasized, however, that the stolen credentials could not provide hackers certain information, including government-issued IDs, Social Security numbers, or financial information of users.

Education Site Thinkful Confirms Data Breach, Urges Users to Change Passwords

“We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” wrote said Erin Rosenblatt, the company’s vice-president of operations, in the email. “As soon as we discovered this unauthorized access we promptly changed the credentials, took additional steps to enhance the security measures we have in place and initiated a full investigation.”

To date, the online developer company maintains that no evidence was found indicating any unauthorized access of account data. Nonetheless, the company still required all users to change their passwords for security reasons.

“Additionally, at this time we have no evidence of any unauthorized access to any other Thinkful user account data or user information. However, as a measure of added precaution, we are requiring all users to reset their Thinkful passwords,” the email added.

Founded in 2012, Thinkful operates as an online education site that provides one-on-one mentoring, career coaching, and peer-reviewing for developers and programmers. Among the different courses, the site offers include software engineering, data science, data analytics, and product design.

In a report from SC Magazine, Travis Biehn, technical strategist at Synopsys, said the recent security incident following the company’s acquisition could provide attackers with an

“Compromising small startups in the weeks and months following an acquisition can lead to huge payoffs for attackers, as they gain footholds in soft targets before they’re able to adopt to possibly stronger security postures from acquiring companies,” explained Biehn. “That’s just one reason why it’s important to get a handle on a company’s full security posture before making an acquisition decision,” he added.

Tech Crunch has tried to contact both Chegg and Thinkful spokespersons about the breach, however, none of the two has responded to the several emails sent yet.