Quora hacked: 100 million users’ data exposed, here’s what you need to do
Account information, including name, email address, encrypted password and data imported from linked networks when authorized by users may have been compromised.
Quora, the popular knowledge-sharing website, has been hit with a major cyber breach.
About 100 million users of Quora were affected by unauthorised access to one of its systems by a "malicious third party," said the company in a blog post.
"We're still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials," Quora co-founder and CEO Adam D'Angelo wrote in the post.
Saket Modi, Co-Founder & CEO, Lucideus, an enterprise cybersecurity platforms company, said, "Between last week's Marriot hack of 500 Million accounts and Quora's 100 Million accounts, at least 16% of the total internet users (as the Internet has 3 Billion users) data has been compromised. Cyber Security needs to be built in from the design phase for any digital transformation initiative an organisation is undertaking."
"Quora is unique in that sense, it's a tech company from the grounds up headquartered in the Silicon Valley having around 300 Million monthly active users. When one-third of the customer (100M users) data is hacked in a company with tech DNA, it is a message for all companies of how vulnerable the cyberspace is. What is required, is to close the urgent need-gap for a real-time monitoring system to protect the digital setups of companies with a clear mathematical risk quantification framework that security teams, executive teams, boards, regulators, shareholders and customers can all rely upon, like an ISI / ISO standard rating available in other industries, but this one being real time," he added.
Ankush Johar, Director at enterprise security firm Infosec Ventures, said, "It is imperative for any firm that is operating at a Global or even National level to take necessary steps that ensure security. 93% of attacks in 2017 started with as simple as an email and the Human layer was compromised. To alter the psychology of its users to be suspicious by nature will help them drastically to detect any malicious activity and hence not lead to data breaches like this. Often, only the technology layer is what firm's are concerned about, unlike what the hackers think though."
What information was accessed?
According to Quora, account information, including name, email address, encrypted (hashed) passwords and data imported from linked networks when authorised by users may have been compromised.
Hackers also gained access to some public content and actions such as answers, upvotes, comments and questions.
Quora pointed out that comments posted anonymously on the platform have not been affected by the latest security breach.
What is Quora doing?
The company said it is logging out all Quora users who may have been affected to prevent further damage.
"We are in the process of notifying users whose data has been compromised," D'Angelo further wrote.
What Quora users should do?
Quora says the latest data breach is unlikely to result in identity theft as it does not collect sensitive private information of users. Quora users for now can reset their passwords to stay safe.
If you want to simply delete your Quora account, visit your account privacy settings and choose "Delete Account". The site will ask you to enter your password to confirm the deletion of the account.
If you have created the account using Google or Facebook plug-ins, you need to first generate a password by clicking the "Change Password" link and then click on "create an account password."
Note the process of account deletion takes up to 14 days and if you log-in again during this period, the account will be reactivated.
"Once the 14-day grace period has expired and your account has been deleted, your content and profile will be permanently deleted, and personal data associated with your account will be removed from Quora's databases," says the company on its website.
(with inputs from Reuters)