The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords.

The online education platform for developers Thinkful has suffered a data breach, just a few days after it has announced it would be acquired by the education tech firm Chegg for $80 million.

The company is notifying the incident to its users via email and is forcing a password reset in response to the incident. Thinkful confirmed that an unauthorized user was able to gain access to employee accounts credentials.

“We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users.” reads the data breach notification sent by the company. “As soon as we discovered this unauthorized access we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation.”

It is not clear when the security breach took place and if Chegg was aware of the data breach prior to the acquisition.

Hackers had access to certain information, such as government-issued IDs and Social Security numbers, or financial information. Thinkful attempted to downplay the incident declaring that there is “no evidence” of any unauthorized access to users’ account data.

“Additionally, at this time we have no evidence of any unauthorized access to any other Thinkful user account data or user information. However, as a measure of added precaution, we are requiring all users to reset their Thinkful passwords.” continues the notification.

Curiously, one year ago Chegg also disclosed a data breach that obliged the company to reset the passwords of its 40 million users.

Pierluigi Paganini

(SecurityAffairs – Thinkful, hacking)