Quora, one of the biggest question-and-answer sites with around 300 million monthly users, reported a serious data breach this Monday affecting one-third of its user base, 100 million users.
In what is starting to feel like a weekly tradition, another popular service, Quora this time, has become the latest firm to suffer a massive breach of user data.
Last week it was Marriott Starwood hotels, and this week it is the question-and-answer website Quora’s turn.
Late Friday, Quora discovered that one of its systems had been hacked by ‘a suspicious third party’ who gained access to its systems and took account data of approximately 100 million users, CEO Adam D’Angelo said in a blog post.
The bad news arrived in emails sent to the compromised users, half of its estimated 200 million account base, and in a public announcement made on Monday on its website.
The compromised information includes users’ names, email addresses and encrypted passwords, as well as data from social networks such as Facebook (FB) and Twitter (TWTR) if people chose to link them to their Quora accounts.
There are also reports that, besides the aforementioned data, the hackers obtained details about users’ activity on Quora, such as questions, answers, upvotes and downvotes. However, written questions and answers were not compromised by the breach.
Quora is taking this breach very seriously and is following all the necessary procedures. The incident has been reported to the authorities, and internal and third-party forensic teams are investigating it. All the compromised parties were informed comparatively quickly after the breach was discovered.
Adam D’Angelo assures users that the team is doing its best to ensure that everything is handled appropriately.
He said,
“We want to be completely transparent in this case without victimizing our security systems or the steps we’re taking. And we’ll share what happened, what information got involved, what we’re doing and what you can do.
We’re extremely sorry for any concern or inconvenience this might have caused.”
No sensitive information such as Social Security numbers or credit card details was breached, which reduces the chance of identity theft.
Quora enforces a real-name policy, meaning it requires users to register with their real names instead of pseudonyms. Nonetheless, after some activity on the site, users are allowed to opt for anonymous posting.
Users are also allowed to create public profiles with their names, profile and site statistics. However, the feature can be switched off in the account settings at any time.
Quora stated that the breach did not affect users who chose to post anonymously, as the site does not collect data about users who select that feature.
Adam D’Angelo said,
“The compromise of account and other private information is serious.”
Although hackers cannot decrypt hashed passwords, information such as names or emails can be used by crooks and sold on the black market. No details such as Social Security numbers or credit card information were involved, as Quora does not collect such sensitive information.
Things the compromised users should do immediately
Quora is emailing all those who have potentially been compromised by the breach. However, even if you don’t receive an email, situations like these are a great time to review your online security setup. For example:
Have you used the same password on Quora for other sites and services?
If so, you are advised to stop doing that and to use long, complicated and, most importantly, unique passwords for each site and service you use.
According to tech experts, there’s no absolute reason for using the same password across multiple sites.
Getting damn serious about password creation won’t stop these breaches from occurring, but it will surely greatly mitigate their effects.
Do you use two-factor or two-step authentication?
Nowadays, a good site or service will notify or warn you when it detects a new login to your account.
Yes!!
When someone tries to log in as you, reputable sites warn you that they have detected a new login and that you might want to do something about it if it isn’t actually you.
Besides, an even better site or service asks you for a secondary form of verification (a texted code, an authentication prompt, a number you read from a software or hardware token, etc.), which you are required to enter in addition to your password to gain access.
If you haven’t yet set up two-factor authentication for the things you log into, find out whether it’s an option. If it is, then trust me, you’re only doing yourself a disservice by not using it.
Do you own a number of dormant accounts?
A large share of Quora users are not heavy users. For them, it’s normal not to log in to their Quora account or answer any question for a long time. Some users can’t even remember the last time they logged in.
So, if you are among those who own a Quora account but have not used it for a long time and are now receiving the ‘you might be screwed’ email, you are advised to go in and delete the account.
Although there is no guarantee that a future breach won’t dig up your old information, this step can prevent your information from being leaked.
Are you among those who ignore a lot of email?
Quora first notified compromised users through email, and it stands to reason that it will use email to let users know about any additional information associated with this big security breach.
While we all get a ton of email, it’s definitely worth setting up a filter for words such as ‘security’, ‘account’ or ‘compromised’, to name a few. This decreases the chance of missing emails notifying you about the next big breach.
So, this is what Quora users compromised by this big security breach should do to protect their data and guard against such breaches in the future.
When it comes to sites, however, it’s really important for corporations and organizations around the world to put more effort into protecting their customers. They should invest more in modern security solutions, as the cost of a data breach is not only about the recovery expenses but also about customers’ trust.