“We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” said Erin Rosenblatt, the company’s vice-president of operations, in an email to users.
“As soon as we discovered this unauthorized access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation,” the executive said.
At the time of writing, there has been no public acknowledgement of the breach beyond the email to users.
Thinkful, based in Brooklyn, New York, provides education and training for developers and programmers. The company claims the vast majority of its graduates get jobs in their field of study within a half-year of finishing their program. Earlier this month, education tech giant Chegg bought Thinkful for $80 million in cash.
But the company would not say when the breach happened — or if Chegg knew of the data breach prior to the acquisition announcement.
A spokesperson for Chegg did not respond to a request for comment. Thinkful spokesperson Catherine Zuppe did not respond to several emails of questions about the breach.
The email to users said the stolen credentials could not have granted the hacker access to certain information, such as government-issued IDs and Social Security numbers, or financial information. But although the company said it’s seen “no evidence” of any unauthorized access to users’ account data, it did not rule out any improper access to user data.
Thinkful said it is requiring all users to change their passwords.
We also asked Thinkful what security measures it has employed since the credentials breach, such as employing two-factor authentication, but did not hear back.
Just months earlier, Chegg confirmed a data breach, which forced the online technology giant to reset the passwords of its 40 million users.
At least Thinkful is now in good company.