- Total Records39,823,697
- Unique Emails39,800,241
- Unique Email Providers511,087
- Unique Usernames2,633,943
- Unique First Names692,714
Chegg Data Breach: What Happened in April 2018?
In April 2018, Chegg, a well-known online textbook rental and educational service, experienced a significant data breach that affected approximately 40 million users. The breach exposed a range of personal information, including usernames, email addresses, full names, phone numbers, and mailing addresses. Passwords linked to these accounts were also compromised, stored as unsalted MD5 hashes. Chegg, widely used by students and educators for textbooks and study support, found itself dealing with the fallout of one of the largest education-related breaches to date. The incident not only revealed the breadth of information required for account setup but also raised concerns over the security of password storage practices at the time.
What Information Was Exposed?
The Chegg breach resulted in the exposure of sensitive user data. The information included:
- Usernames
- First and last names
- Street addresses (including street, city, state, and zip code)
- Phone numbers
- Email addresses
- Passwords (hashed using MD5, unsalted)
This range of information is particularly valuable to attackers, as it encompasses not only contact data, but also personally identifying information commonly used in account verification and recovery processes.
Timeline and Discovery
The breach occurred in April 2018 and affected a user base of almost 40 million. Details of the incident began circulating several months later as the company investigated and responded to the intrusion. The actual breach incident likely began on or near April 1st, 2018, with a large dataset eventually surfacing on underground forums, triggering Chegg’s notification process to its customer base and regulatory authorities.
Scope of the Chegg Data Breach
In total, 39,823,698 user accounts were affected by the Chegg breach. Because the exposed information included both personal and account data, a wide swath of subscribers and users from across the educational and academic spectrum were put at risk of further unwanted contact or credential-related attacks. The inclusion of hashed passwords—while not immediately plain-text readable—still presented risks due to the use of an outdated hashing method.
Who Was Behind the Breach?
The specific identity or affiliations of those responsible for the breach have not been publicly disclosed. Like many high-profile data leaks, it’s believed that malicious actors sought access to Chegg’s database for financial gain or resale. The incident highlights the constant risk posed by attackers to companies handling large volumes of sensitive personal data.
Frequently Asked Questions about the Chegg 2018 Data Breach
How many users were affected by the 2018 Chegg data breach?
Nearly 40 million Chegg users were impacted, with the total count reaching 39,823,698 individual records.
What specific data was leaked in the Chegg data breach?
The leaked information included usernames, first and last names, email addresses, phone numbers, street addresses, and hashed passwords stored using unsalted MD5.
When was the Chegg data breach discovered?
The breach occurred in April 2018, with broader public awareness and response following as details surfaced later in the year.
Was any financial information exposed in the Chegg data breach?
No, there is no indication that payment or financial details were exposed. The compromised data primarily involved account and contact information.
How can I check if I'm in the Chegg breach?
You can check if your information was part of the Chegg breach by utilizing the DeHashed search engine.