Attackers Target Duke Students

September 19, 2019

In response to an attack targeting Duke faculty and students, the IT Security Office is urging users who had accounts with the online textbook rental service Chegg to change their password at any  sites where that password may have been used.

More than 100 Duke student and faculty accounts were compromised after hackers reused passwords that had been mined from a 2018 data breach reported by Chegg. That breach included more than 14,000 Duke email accounts and passwords.

Duke users also can check their email address against the breach database at https://haveibeenpwned.com.

As a reminder, passwords should not be reused across sites. The IT Security Office recommends the use of a password manager such as Lastpass (for which Duke has a site license available at https://software.duke.edu/ ) to help ensure strong, unique passwords for every account. More guidance on good password management is available at https://security.duke.edu/passwords.