FTC Accuses Ed Tech Firm Chegg of 'Careless' Data Security (nytimes.com)

The Federal Trade Commission on Monday cracked down on Chegg, an education technology firm based in Santa Clara, Calif., saying the company's "careless" approach to cybersecurity had exposed the personal details of tens of millions of users. From a report: In a legal complaint, filed on Monday morning, regulators accused Chegg of numerous data security lapses dating to 2017. Among other problems, the agency said, Chegg had issued root login credentials, essentially an all-access pass to certain databases, to multiple employees and outside contractors. Those credentials enabled many people to look at user account data, which the company kept on Amazon Web Services' online storage system.

As a result, the agency said, a former Chegg contractor was able to use company-issued credentials to steal the names, email addresses and passwords of about 40 million users in 2018. In certain cases, sensitive details on students' religion, sexual orientation, disabilities and parents' income were also taken. Some of the data was later found for sale online. Chegg's popular homework help app is used regularly by millions of high school and college students. To settle the F.T.C.'s charges, the agency said Chegg had agreed to adopt a comprehensive data security program.

  • by smooth wombat ( 796938 ) on Monday October 31, 2022 @12:42PM (#63012591) Journal

    Chegg could use some education in how technology works.

    • Re:It appears (Score:4, Insightful)

      by i.r.id10t ( 595143 ) on Monday October 31, 2022 @12:46PM (#63012601)

      What confuses me is.... Chegg is basically a textbook source. Why do they ask for and keep data that would allow "In certain cases, sensitive details on students' religion, sexual orientation, disabilities and parents' income were also taken"?

      Names, addresses, emails, billing info I can understand... but wtf?

      • by splutty ( 43475 )

        I'm all for a "None of your fucking business" law, where if a company leaks data they have no reason to collect, they get a fine for 10% of their global income for each data point they 'accidentally' collected.

        • The GDPR has resulted in some pretty big fines. https://www.tessian.com/blog/b... [tessian.com]

        • They always have a reason to collect. Besides, in their minds they are 100% right in collecting the information, mainly for one reason.

          People voluntarily gave it to them when they asked.

          Also known as how Facebook exists.

          • by splutty ( 43475 )

            So the really simple solution is: If you're asking for stuff that's "None of your fucking business", you get fined.

            Problem solved.

            • So the really simple solution is: If you're asking for stuff that's "None of your fucking business", you get fined.

              Problem solved.

              (Mega-corps) "Fines? Oh, you mean those things we spent some spare change on in order to own lawmakers and ensure they amount to little more than a slap on the wrist? Yeah, sure, why not. Another round of those. They're a great problem solver."

              This may appear in jest, but I challenge you to find a fine against social media that wasn't ultimately worth every penny.

              • by splutty ( 43475 )

                Oh absolutely. Which is why we need fines that are a percentage of their gross worldwide income. For every infraction.

    • by splutty ( 43475 )

      But how are they supposed to make money if they have to do this expensive security stuff?!

    • I never even heard of this company, so I just looked them up. They are a publicly traded company. You'd think that they would have to undergo third party security audits, compliance audits, and whatnot. If that was the case then the ball was dropped by many different folks.

      • Re:It appears (Score:5, Informative)

        by Puls4r ( 724907 ) on Monday October 31, 2022 @12:56PM (#63012635)
        They may be public, but they are shady as hell. I recently did some 'business' with them, because there were calculus problems that my son (and his tutor) were unable to figure out.

        CHEGG listed both the problem, with pictures of the actual questions on their website, so I paid for a month so we could see how to do them. It turns out, they didn't have the answers for either. But they make it appear like they do. We looked up a third question and the supposed 'answer' was from a third party, clearly hadn't been checked, and was useless (and completely wrong).

        After spending an hour trying to get through all that, I was pretty pissed. So I looked for customer support, contact info, etc to cancel and get my money back. No such luck. No way to get to them.

        They are a scam. No quality control. You pay and screwed. And if you look up their reviews online, everyone agrees. They're a joke. To top it off, you'll find the same 'shady' review sites where CHEGG has clearly paid them off and has 4 or 5 stars.

        I want ZERO to do with this country (run from India). They are scammers and liars and have horrible business practices. I disputed the charges through paypal to get a refund.
    • Reap what you Sow (Score:4, Insightful)

      by Roger W Moore ( 538166 ) on Monday October 31, 2022 @03:38PM (#63012991) Journal

      Chegg could use some education in how technology works.

      When your business model is helping students to cheat it's poetic justice that they have ended up with employees that do not know how to do their jobs. It's hard to get an education in anything if you are dedicated to undermining the educational system that would normally provide it.

  • Cheating Platform (Score:5, Insightful)

    by 0101000001001010 ( 466440 ) on Monday October 31, 2022 @01:00PM (#63012651)

    For those unfamiliar with Chegg, it's one of the, if not the, largest online cheating platform. There is some free access to cheating materials, there is a subscription for better access, and you can pay more for personalized cheating support.

    The usual codewords used are "homework help" for just the cheating materials and "tutoring" to have someone do the work for you.

    • Re:Cheating Platform (Score:5, Interesting)

      by dostert ( 761476 ) on Monday October 31, 2022 @01:12PM (#63012683)

      For those unfamiliar with Chegg, it's one of the, if not the, largest online cheating platform. There is some free access to cheating materials, there is a subscription for better access, and you can pay more for personalized cheating support.

      The usual codewords used are "homework help" for just the cheating materials and "tutoring" to have someone do the work for you.

      One hundred percent agree. Only redeeming quality is that they will take stuff down pretty quickly. I had a student post my entire final MATLAB project up (8 different coding questions, all authored by me so they can't find similar solutions on the web). Wrote a little take down request (my intellectual property, blah blah) had the provost sign it, and they took down the content within hours. Also provided me the email address of each of the users who posted it. It ended up three different contacts. One of my student's emails... their parent's email... their brother's email. Guess the family that cheats together stays together.

      • For those unfamiliar with Chegg, it's one of the, if not the, largest online cheating platform. There is some free access to cheating materials, there is a subscription for better access, and you can pay more for personalized cheating support.

        The usual codewords used are "homework help" for just the cheating materials and "tutoring" to have someone do the work for you.

        One hundred percent agree. Only redeeming quality is that they will take stuff down pretty quickly. I had a student post my entire final MATLAB project up (8 different coding questions, all authored by me so they can't find similar solutions on the web). Wrote a little take down request (my intellectual property, blah blah) had the provost sign it, and they took down the content within hours. Also provided me the email address of each of the users who posted it. It ended up three different contacts. One of my student's emails... their parent's email... their brother's email. Guess the family that cheats together stays together.

        Were there meaningful consequences for the student? I assume not but would love to be wrong.

  • It's actually "funny" how many companies / people I know who think everyone should be "root" or "admin", or have a single account that is "root" / "admin", because it's safer, quicker, and easier.

    I was once the Administrator for a company that insisted every user account was to be granted "sudo" permissions, because it made the servers easier to work with. I decided to aggressively log everything off the servers and watch how often a person would login, perform "sudo -s" or "sudo su", and continue working,
  • That will solve the problem of accidentally giving unauthorized people root access.
