Another day, another data breach but this time it isn’t the ever-infamous social network. No, this time it’s the community-run question-and-answer website Quora, which has revealed that a hacker has managed to thieve data from up to 100 million users.
Following a weekend of investigation, Quora began notifying affected users that their account was compromised. This resulted in many shocked faces across the world, not because of the poor security, but to learn they had an account in the first place. Many users have visited Quora when searching for answers on the web, not realising that an account is required to view the page.
Most people utilise Facebook, Google or other accounts to instantly log in for them, bypassing the arduous profile creation process most websites subject visitors to. Unfortunately, the third-party accounts used to sign in are also potentially among the data that was harvested by the hacker, including names, email addresses, passwords and direct messages on the site.
Content submitted anonymously by users is supposedly safe from the hack, as Quora states that user information is not stored from these particular posts. “The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” Quora CEO Adam D’Angelo said in a statement on the site that you fortunately don't need an account to read.
According to D’Angelo, a “leading digital forensics and security firm” continues to investigate the breach and Quora is fully cooperating with law enforcement on the matter. Measures are already in place to prevent security breaches in the future, however those that suspect they have been affected whilst not receiving an email could change their passwords just in case.
KitGuru Says: Security breaches like this are sadly all too common nowadays, however the main criticism surrounds Quora forcing users to sign up without adequate protection. As always, we still recommend using password managers such as Last Pass or 1Password to ensure users are in control of their own welfare.