On the heels of its acquisition by Chegg, developer education site Thinkful said an unauthorized third party had breached its systems.

“We recently discovered that an unauthorized party may
have gained access to certain Thinkful company credentials so, out of an
abundance of caution, we are notifying all of our users,” company Vice President
of Operations Erin Rosenblatt told users in an email. “As soon as we discovered
this unauthorized access, we promptly changed the credentials, took additional
steps to enhance the security measures we have in place, and initiated a full
investigation.”

While the company didn’t give details about the hack, it said
there was no evidence of access to account data, including Social Security
numbers, financial data and IDs, according to a report
from Techcrunch.

“Compromising small startups in the
weeks and months following an acquisition can lead to huge payoffs for
attackers, as they gain footholds in soft targets before they’re able to adopt
to possibly stronger security postures from acquiring companies,” said Travis Biehn,
technical strategist at Synopsys. “That’s just one reason why it’s
important to get handle on a company’s full security posture before making an
acquisition decision.”