2018 seems to be the year of data breaches as Google, Facebook and now Quora has been hit. It now proves the point that even the big corporations can not really keep data safe as hackers are always a step ahead.
Quora, which serves as a base for users who get answers to almost any questions from other users, has announced that it was breached and some of its user’s data were compromised.
“We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future,” the company reported in a blog post.
“We also want to be as transparent as possible without compromising our security systems or the steps we’re taking, and in this post we’ll share what happened, what information was involved, what we’re doing, and what you can do.
We’re very sorry for any concern or inconvenience this may cause.” it added.
On information involved in the breach, Quora wrote that “For approximately 100 million Quora users, the following information may have been compromised:
Account information, e.g. name, email address, encrypted password (hashed using bcrypt with a salt that varies for each user), data imported from linked networks when authorized by users;
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
- Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.”
Quora stated that users have already been logged out and the cause of the breach identified. It also stated that those who were affected will be notified via email. Users are advised that while stolen passwords were encrypted, they should not reuse them.
Hackers usually sell stolen accounts login details on the dark web as they seek to exploit vulnerabilities on sites from time to time.