Security Market Segment LS
Tuesday, 04 December 2018 19:33

Quora reports data breach, reports say 100m affected Featured

By

Quora, a site that hosts questions and answers posed and responded to by everyday people, has reported a major security breach.

"Out of an abundance of caution" is a term you often hear when something has gone wrong, making one wonder where the abundant caution was before things went snafubar, but here we are – Quora has been hacked, with online reports suggesting 100 million users have been affected.

The company says the following information "may have been compromised": 

  • Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalisation data;
  • Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes;
  • Data imported from linked networks when authorised by you, e.g. contacts, demographic information, interests, access tokens (now invalidated); and
  • Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

Quora emailed affected users (which does not appear to be all users as I personally have not received an email from Quora yet, but was sent one by a friend who did receive Quora's email, effectively reprinted in full in this email) the following info:

"We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorised access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future."

Stating "what happened", Quora stated that: "On Friday, we discovered that some user data was compromised by a third party who gained unauthorised access to our systems. We're still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.

"While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company."

So, what does Quora say it is doing?

"While our investigation continues, we're taking additional steps to improve our security:

"We’re in the process of notifying users whose data has been compromised.

"Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.

"We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.

"We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed."

So, what does Quora say "you can do"?

"We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.

"While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so."

Here's "The Quora Team's" conclusion:

"It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility.

"We recognise that in order to maintain user trust, we need to work very hard to make sure this does not happen again.

"There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust."


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments