On the heels of its acquisition by Chegg, developer education site Thinkful said an unauthorized third party had breached its systems.
“We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” company Vice President of Operations Erin Rosenblatt told users in an email. “As soon as we discovered this unauthorized access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation.”
While the company didn’t give details about the hack, it said there was no evidence of access to account data, including Social Security numbers, financial data and IDs, according to a report from Techcrunch.
“Compromising small startups in the weeks and months following an acquisition can lead to huge payoffs for attackers, as they gain footholds in soft targets before they're able to adopt to possibly stronger security postures from acquiring companies,” said Travis Biehn, technical strategist at Synopsys. “That's just one reason why it's important to get handle on a company's full security posture before making an acquisition decision.”