Chegg data breach causes uptick in Student Admin attacks


The University of Connecticut is advising students to reset their NetID passwords after an uptick in compromised Student Admin accounts has stemmed from a data breach of homework help and rental website Chegg. 

This is not a trend unique to UConn. Up to 40 million people were affected by the breach, and Mike Enright, a spokesperson for the university, said that the problem has occurred on other campuses as well.  

“Universities around the country saw an uptick in attempts to log in their systems using compromised Chegg accounts in October [of 2019],” Enright said. 

According to Will Harris, a Computer Technical Support Consultant with the Technology Support Center, the link between the two has to do with students using the same passwords for multiple accounts on different websites.  

“A lot of students use the same password for everything, which is why we think we’ve seen an uptick in compromised accounts,” Harris said.  

Neal Chakravartty, a third-semester environmental engineering major, uses Chegg for his engineering classes at UConn. Chakravartty said that he hadn’t heard that Chegg was hacked, much less that Student Admin had been compromised.  

“I was spooked when you said Student Admin is being effected,” Chakravartty said.  

The breach occurred around April 29, 2018, according to a report released by Chegg to the U.S. Securities and Exchange Commission. Chegg only learned of the breach on Sept. 19, 2018, and only went public with the information on Sept. 25, 2018. The breach leaked emails, passwords, usernames and shipping addresses, but thankfully did not leak financial information, according to ZDNet.  

Students at UConn are only now being warned about it because of the increase in attacks to Student Admin accounts.  

Harris said that students should change their NetID password to prevent their Student Admin account from being compromised.  

“At this point, we’re just recommending that students reset their NetID to a strong and unique password,” Harris said. 

Enright emphasized this as what students should learn if they think they’ve been hacked.  

“The overall lesson here is that everyone should use good privacy practices by having multiple usernames and complex passwords for each service that they use,” Enright said.

Thumbnail photo courtesy of @chegg Instagram.

Grace McFadden is a campus correspondent for The Daily Campus. She can be reached via email at

Leave a Reply