I was recently sent a notification by https://haveibeenpwned.com/ that one of my email addresses has been found in a breach, in particular in a breach of https://www.chegg.com. I am positive I never signed up for an account there; it's a US education company and I am not from there, nor did I ever have anything to do with US education.

I have verified the email is actually from haveibeenpwned.

I figured it's possible they merged with another company and took over their user base, but I can find no evidence of that.

If I try to sign in to chegg.com I do get a notification that I should reset my password for logging in. I did this and got a reset password email. What makes it even more dodgy is that I am addressed as "Hi , to reset your password...", so obviously they left out the name I should be addressed by after "Hi".

I actually logged in with the new random password and it seems my account did have a free ebook purchase there, but it's definitely not a book that I ever was interested in. I suppose the likely scenario is that chegg never did email validation and someone just used my email address? Are there any other options? I also don't remember getting any signup emails, which are common for services even if they don't verify email addresses.

1 Answer

The main reason for this is that databases that got compromised did contain information that came from other websites you were registered on.

  • Possible, although it doesn’t match with me having a purchase there of a book that I never obtained, free or not. Commented Aug 16, 2019 at 8:44
  • It could be just a "test purchase" to make their user data more trustworthy and reliable.
    – tungsten
    Commented Aug 16, 2019 at 8:49
