Quora's hack resulted in stolen names, passwords, email addresses, and other data
Quora, one of the biggest question-and-answer sites with 300 million monthly users, reported a data breach that affected one-third of its userbase – 100 million. The CEO Adam D'Angelo said that the “malicious third party” managed to access the internal databases on Friday.
The compromised information contained usernames, full names, email addresses, data imported from Facebook and Twitter, hashed passwords, as well as non-public content such as downvotes, direct messages, answer requests, etc. Additionally, public material like questions and answers was affected as well.
Quora is taking the breach very seriously and follows all the procedures necessary – the incident was reported to the authorities, the internal and third-party forensic teams are investigating the incident, and all the affected parties were informed relatively quickly (the company discovered the breach on November 30th). Adam D'Angelo also noted that the team is doing their best to make sure that everything is handled appropriately:
We also want to be as transparent as possible without compromising our security systems or the steps we're taking, and in this post we’ll share what happened, what information was involved, what we're doing, and what you can do.
We're very sorry for any concern or inconvenience this may cause.
No sensitive information like social security number or credit card details was breached, which reduces the chance of identity theft
Quora uses a Real name policy. It means that it requires users to register with their real names instead of pseudonyms. However, after some activity on the site, they can opt for anonymous postings. Additionally, users can create public profiles with their names, profiles and site statistics, but the feature can be switched off in the account settings at any time.
The Q&A site noted that the breach did not affect users who chose to post anonymously, as Quora does not collect data about users who select the feature.
Adam D'Angelo said that “the compromise of account and other private information is serious.” Indeed, while hackers can not decrypt hashed passwords such information as names or emails can be used by crooks and sold on the black market, although no details like social security numbers or credit card information were involved, as Quora does not collect sensitive information.
The affected users should change their passwords immediately
Quora's post also mentioned that it is highly unlikely that the breach will result in identity theft for any of the 100 million users affected. However, those who use the same passwords for multiple accounts should change them immediately. Additionally, the affected users will be logged out of their accounts automatically and will be asked to reset their passwords.
Quora is not the only company that was affected by a giant security breach. The Marriott servers were breached, and hackers managed to steal passport numbers and credit card details of as many as 500 million clients. Earlier in September, Facebook suffered a massive attack which resulted in 30 million accounts compromise.
Data breaches, as well as security holes, help hackers to gain access to the most personal data that we would not want to be exposed. By entering our credit card details, we trust the company to secure it from crooks' hands. However, as practice shows, the practice of unsafe information handling continues.
Therefore, corporations and organizations around the world should put more effort into protecting their customers and investing more into modern security solutions, as the cost of a data breach is not only the recovery expenses but also customers' trust.