Thinkful Resets Passwords After Data Breach Exposes Coders

Online education platform Thinkful has suffered a data breach which may have given hackers access to users' accounts.

The training site for developers notified all of its users by email that an unspecified number may have had their “company credentials” accessed by an unauthorized third party.

However, it clarified that no government identification or financial info belonging to the company would have been available to the hackers via this route. “As soon as we discovered this unauthorized access we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation,” it continued.

“Additionally, at this time we have no evidence of any unauthorized access to any other Thinkful user account data or user information. However, as a measure of added precaution, we are requiring all users to reset their Thinkful passwords.”

The cause of the breach is still unclear, although a phishing attack against a site admin or a credential stuffing raid are among the usual suspects. Also unclear is the number of users affected and when the incident occurred.

It does come at an awkward time for Thinkful, however, given the firm only recently announced its $80m acquisition by student learning platform provider Chegg.

That firm has also been on the receiving end of unwanted attention from the black hat community: last year it revealed in a regulatory filing that hackers managed to access a company database, stealing log-ins, and email and shipping addresses.

It was forced to reset 40 million passwords as a result.

Securonix VP EMEA, Robert Ramsden Board, argued that the incident highlights the importance of due diligence before buying a company.

“Purchasing a company that has taken a lax approach to security will only come back to haunt the buyer, as Marriott learned the hard way after its purchase of Starwood hotels,” he added.

“Data breaches pose a serious reputational and business risk to organizations. Therefore, to avoid unauthorized access to internal systems organizations should simulate data breach security drills to identify weaknesses that could be exploited and train staff on the malicious tactics cyber-criminals use to reduce the risk of human error.”
