Thinkful confirms data breach days after it was acquired for $80m

20 Sep 2019

Image: © SasinParaksa/Stock.adobe.com

It is not known whether the data breach was discovered before or after Thinkful was acquired by Chegg for $80m.

On Thursday (19 September), Thinkful, an online education site for developers, confirmed that it had recently experienced a data breach. The news comes just two weeks after the edtech company was acquired by Chegg for $80m.

The company’s vice-president of operations, Erin Rosenblatt, emailed users to notify them of the data breach.

Rosenblatt wrote: “We recently discovered that an unauthorised party may have gained access to certain Thinkful company credentials, so out of an abundance of caution, we are notifying all of our users.

“As soon as we discovered this unauthorised access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place and initiated a full investigation.”

While the company is reported to have emailed users about the investigation, it has not publicly acknowledged the breach on its website or blog.

Acquisition

TechCrunch reached out to Thinkful to ask if the company had been aware of the breach when it was acquired on 4 September, but a spokesperson from the company did not respond to questions. TechCrunch reported that there was no evidence of access to account data, including social security numbers, financial data or IDs.

In a statement to SC Magazine, technical strategist at Synopsys, Travis Biehn, said: “Compromising small start-ups in the weeks and months following an acquisition can lead to huge payoffs for attackers, as they gain footholds in soft targets before they’re able to adopt to possibly stronger security postures from acquiring companies.

“That’s just one reason why it’s important to get a handle on a company’s full security posture before making an acquisition decision.”

The deal between Chegg and Thinkful was the former’s largest acquisition deal to date. Chegg, which is a Santa Clara-based edtech company, paid $80m for Thinkful, with potential additional payments of up to $20m that could be paid in either cash or restrictive stock units, at Chegg’s sole discretion.

A year ago, Chegg stock plunged more than 12pc after it disclosed a data breach of its own. The company learned of the data breach on 19 September 2018, which is coincidentally the same date that Thinkful announced its data breach a year later.

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com