#privacy: Thinkful confirms data breach

An online developer education site has confirmed that an unauthorised party had breached its systems. 

Erin Rosenblatt, Vice President of Operations at Thinkful, told users in an email that an unauthorised party “may have gained access to certain Thinkful company credentials, so out of an abundance of caution, we are notifying all of our users.”

After discovering the unauthorised access, the company promptly changed the credentials, and enhanced the security measures that are put in place. An investigation has been initiated. 

The email to users goes on to stress that the stolen credentials would not have granted the third party access to personal information, such as financial information, Social Security Numbers and government-issued IDs. 

The company had stated that although it had seen no evidence of any unauthorised access to users’ account data, it could not rule out any improper access to it. Thinkful are requiring all users to reset their passwords as a measure of added precaution. 

The data breach comes after the news that the education tech giant Chegg, will acquire Thinkful for $80 million in cash.

Travis Biehn, technical strategist at Synopsys commented: “Compromising small startups in the weeks and months following an acquisition can lead to huge payoffs for attackers, as they gain footholds in soft targets before they’re able to adopt to possibly stronger security postures from acquiring companies.

“That’s just one reason why it’s important to get handle on a company’s full security posture before making an acquisition decision.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/