Quora data breach FAQ: What 100m hacked users need to know
4 December 2018 | 0
Another week, another massive hack. Last week it was Marriott Starwood hotels; this week, it’s question-and-answer website Quora. Late Monday night, Quora revealed that “a malicious third party” gained access to its systems and swiped the account data of approximately 100 million users. That includes personally identifiable information, like your name and e-mail address, as well as details about the actions you’ve taken on Quora itself, and data from other sites you’ve linked to your Quora account.
It’s bad, and here’s everything you need to know.
So what happened?
Quora is still investigating, but CEO Adam D’Angelo says that “On Friday [30 November] we discovered that some user data was compromised by a third party who gained unauthorised access to one of our systems”. Further details weren’t provided yet.
What Quora user data was taken?
More or less everything associated with your account.
D’Angelo says that the hackers may have pilfered 100 million users’ names, e-mail addresses, and encrypted passwords. Any data imported from another social network, such as contacts and demographic information, could have been compromised as well. The hackers may also have records of every public and private action you’ve taken on Quora, including comments, upvotes and downvotes, questions, and direct messages.
Anything posted anonymously shouldn’t have been included, as D’Angelo says Quora does “not store the identities of people who post anonymous content”.
How do I know if my Quora account was hacked?
Quora says it’s notifying everybody who was hacked, and logging out every account that may have been affected. If you use a password for authentication, your password will also be reset.
Any further information discovered during Quora’s investigation will be shared with affected users via e-mail.
What should I do to stay safe?
If you have a Quora account, and especially if Quora confirmed you’ve been hacked, you should change your password. And if you reuse your passwords across multiple sites, you’ll want to change your password at those as well. Reusing passwords is an awful security practice though; if you use a password manager, it can help you create strong, unique passwords for every site and service you visit.
Since Quora doesn’t collect deeply personal information, such as credit card or social security numbers, you probably don’t have to worry about identity theft.
This is another reminder that you want to practice best security practices at all times, because you never know when or where breaches will happen. A password manager and unique logins keep your accounts firewalled from each other when events like this happen; a solid security suite can lock down your local data.
IDG News Service