The popular question and answer forum, “Quora” proves to be a great resource for gaining knowledge. From experts/professionals in a myriad of fields to the average Joe, you have hundreds to help you out with various problems. This makes it a great success of the internet, boasting one of biggest sources of information (second to Wikipedia).
Sadly, the service is making headlines, following a massive data breach. Approximately 100 million users’ information is now in the hands of an unauthorized third party service! The hack and its impending results were discovered on Friday, November 30th. Quora stated that they realized an unrecognized party was accessing user data.
Following the discovery, they immediately contacted law enforcement agencies, while bringing in the expertise of a professional digital forensics and security consulting company. The purpose of this was to find out how the breach occurred and who may be responsible for the attack. While there is no news yet on the specifics, Quora did release a security update.
In addition to the above, Quora stated “We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials. We are notifying affected Quora users. We have already taken steps to ensure the situation is contained”. The data exposed for the 100 million users includes:
- Non-Public Actions and Content (e.g. direct messages, answer requests, and downvotes)
- Public Actions and Content (e.g. upvotes, comments, answers, and questions)
- Account Information (e.g. Data imported from linked networks. Encrypted passwords, email addresses, and name)
Quora has no idea about how the breach occurred, but the data pilfered is reason enough to worry. The harvesting of names, email addresses, and data from linked networks particularly pose great risk. Some users may have to deal with unrecognized actions on their accounts, which could be quite embarrassing. Luckily, there is no risk of identity theft.
The platform does not store personal information such as credit card or social numbers, so that is a big relief. However, the altering of public content and actions can still prove detrimental to those with an established reputation online, not aware of the Quora hack. Apart from calling law enforcement and a digital security consultant, Quora has taken other steps, including:
- Notifying the compromised users by email regarding the occurrence of the hack.
- Logging out all Quora users who may have been affected during the breach.
- Invalidating the passwords of Quora accounts affected by the hack.
What Steps Should You Take?
As the 95th largest site of the world, this recent cyber-attack on Quora is highly embarrassing. The website receives more than 700 million visits per month. Users will now face trouble trusting the service with their private information and public answers. Luckily, Quora does not demand financial information on the platform. Otherwise, things would have really got messed up.
It is imperative for users to take some action themselves. Consider changing your passwords for sites that use the same password. Also, give special attention to your Gmail or Hotmail accounts linked with Quora. You need to create unique passwords at every site you visit for reducing the impact of a breach like this. For further precaution, follow these simple tips:
- Turning on Two-Factor Authentication
- Upgrade your PC/laptop to a newer one
- Delete old accounts and store data elsewhere
- Avoid using your primary email for Quora
- Use a VPN to protect your identity and trick hackers!
Wrapping Things Up
Quora is just ONE high-profile hacking case that has made it to the news. A Symantec report revealed that from 2014 to 2015, there was a massive 125% increase in zero-day vulnerabilities and hacks. Another indicated that 43% of cyberattacks are aimed at small businesses. This makes it imperative now more than ever to be extremely proactive about your online identity!