Quora Looks for Answers in Wake of Massive Data Breach
The personal information of about 100 million people who have used Quora, a popular question and answer website, has been compromised.
“We recently discovered that some user data was compromised by unauthorized access to one of our systems by a malicious third party,” wrote Adam D’Angelo, CEO of Quora, in an online publication.
“We are working quickly to further investigate the situation and take appropriate measures to prevent such incidents in the future,”
The burglary, discovered on Friday, D’Angelo said, compromised the following information from Quora users:
Account information, such as name, email address, hashed password and data imported from linked networks when authorized by users;
Public content and actions, such as questions, answers, comments and “upvotes”
Non-public content and actions, such as answer requests, downvotes and direct messages.
“It is very unlikely that this incident will result in identity theft because we do not collect sensitive personal information such as credit card numbers or social security numbers,” says an answer to the company’s FAQ page.
1. Mild Breach
Compared to other major data breaches, such as the rape in the Marriott hotel chain last week, which struck around 500 million customers and enabled intruders to steal credit card numbers, birth dates and passport numbers, Quora’s attack is relatively mild. said Ted Rossman, an industry analyst Creditcards.com in Austin, Texas.
“The Quora gap seems to be more limited,” he told TechNewsWorld. “It was information that was already public or things that aren’t that sensitive, such as e-mail addresses.”
The risk for most Quora users is not that serious, said Paul Bischoff, privacy advocate in Comparitech, website reviews, tips and information products focused on consumer safety.
“Passwords are hidden and stolen payment information is not violated, so there is little direct threat to most people,”
“However, the small number of users using Quora’s direct messaging platform may have uncovered private data sent to other users,” Bischoff added.
However, all personal data, not just passwords and credit card numbers, can be valuable to those who misuse data.
“As we saw with the fiasco of Cambridge Analytica, access to personal taste, preferences and other preferences can be used against individuals,” he told TechNewsWorld Javvad Malik security advocate in AlienVault, a business intelligence threat in San Mateo, California.
2. The chilling effect in the exchange
The theft of data on the site can also have other consequences for Quora.
“Since this is a knowledge-sharing platform, one of the risks of an incident like this is that it could deter people from participating in such an activity, which is productive and useful,” said Thomas Jackson, group president of the technological practice of Phillips Nizer, a law firm in the city of New York.
“Infractions such as Marriott put customers at risk because of the large amount of data from exposed customers, “Because Quora, the biggest problem will be the willingness of people to contribute in the future. Will it have a negative effect on publications and new inscriptions?”
“Having said that, Quora did almost everything well apart from being raped. “The passwords are stored as hashes and not in plain text, Quora has quickly notified users of the breach and took action to resolve the issue.”
Take advantage of the start of social media sessions
Although the knowledge seekers with Quora accounts can only have a minimal risk due to the data breach, this may not be the case for those who use other services, such as Facebook and Google, to log into the website.
“Also, people who log in to Quora authentication Facebook or Google, it is possible that there is more identity information, depending on how much their Facebook profiles or Google leak,” said Mounir Hahad, head of the Juniper Networks laboratory of threats, a security network. and performance company based in Sunnyvale, California.
“People need to ensure that their Google and Facebook profiles contain a minimum of personal information. “For example, none of the services need to know their exact date of birth to provide services.”
The most useful information stolen by cybercriminals is probably a huge list of valid e-mail addresses, Ha had said.
“Hackers often turn around and sell this data in the underground market.
3. What’s a Consumer to Do?
Consumers who are concerned about the risks that the violation of Quora entails can take a number of measures to protect themselves.
“Moreover, They should disconnect their Quora accounts from other platforms,” advised Mike Bittner, security and digital operations manager for The Media Trust, a mobile application and website security company in McLean, Virginia.
“They also need to change all their passwords and apply to each unique identification, “and check their credit cards for unauthorized debits.”
Maintaining unique passwords in all accounts is particularly important, said James Carder, CISO for LogRhythm, a cybersecurity solutions company in Boulder, Colorado.
“It’s common for attackers to use other consumer platforms to test the credentials they’ve just stolen.