Up to 100 million Quora accounts affected by data breach
The question and answer community Quora confirmed today that up to 100 million accounts of users were compromised in a data breach.
It noticed on Friday that "some user data was compromised by a third party who gained unauthorized access" to a company system.
The company's investigation is still ongoing; Quora hired a digital forensics and security firm, and notified law enforcement officials.
Quora notes that the following data may have been compromised for "approximately 100 million Quora users":
- Account information: name, email address, encrypted password, data imports from linked networks.
- Public content and activity, e.g. questions and answers.
- Non-public content and activity, e.g. direct messages or answer requests.
The company is in the process of informing affected users about the breach. Users affected by the breach should receive an email with information. The email is an exact copy of the post on the Quora website.
Quora made the decision to log out all Quora users who might have been affected by the breach. Passwords used by affected accounts will be invalidated.
Quora users whose passwords were invalidated are asked to reset the password the next time they try to sign in to the service. An email with password reset instructions is sent to the registered email account in that case.
Quora suggests that users change passwords of accounts that they use on other sites if the same password was used there as well. The attackers could try email and password on popular sites after decrypting the passwords.
Affected users should pay attention to emails that they receive. Name and email address may be used to create phishing emails or other types of unwanted emails. You can find out if your email address has been sold here.
Quora makes it difficult to browse questions and answers without account. Users of the content blocker uBlock Origin may use it to access Quora content without account.
Closing Words
There are not many popular sites or companies left that have not experienced a data breach yet. Users should make sure that they use unique strong passwords for each service that they sign up for. Password managers like KeePass or Bitwarden and email providers and services that support aliases or multiple unique email addresses help with that.
Now You: Have you been affected by breaches in the past?
Previous Post: « Dell resets customer passwords after security incident
Next Post: Check all KeePass passwords against the Have I Been Pwned database locally »
Unless there are real consequences for the company top-brass when these incidents occur, such as life in prison, total forfeiture of net assets, company shut down, we can expect them to continue unabated in to the future.
This is 1 reason why I dont post to large sites That require a sign up.
Its a shame really even I have something to contribute occassionally.
:)
The worse thing is that I needed an answer on Quora and they forced me to finally get an account to see it. And then it is hacked. Right.
No need for account, you can use adblock to view the answers
When I used adblock, it removed the scrolling window. I knew I was doing something wrong, but needed the answer pronto.
Aww… how unusual, well done 3letter alphabetsoup guys! :)