Just after the Marriott International breach, over 100 million Quora users recently received an email notifying them of a data breach. Quora has confirmed that its systems were hacked leaving account and user information exposed. Though the cause is still yet unknown, the intrusion was noted on Friday, November 30th. Compromised information includes usernames, emails, IP addresses, encrypted passwords, and other personalized data. Imported data from linked networks, including social media, has also been endangered with sensitive data such as contacts, demographics, and access tokens being compromised. The financial penalties from the breach are likely to be huge.
The one saving grace is anonymity. If you are Quora user who contributed to the system as an anonymous user you are safe. Your data will not be impacted because Quora doesn’t store identity data for anonymous posters. You are also rumored to be safe if you did not receive an email, though a change in passwords on your part is always prudent, and Quora may make the password change mandatory even if you did not receive the email.
Law enforcement has been notified, and an internal Quora security team, as well as a third party vendor, are investing the breach. The company issued a generic statement saying that they have identified the root cause of the breach and taken steps to address the issue, but no further details have been released.
Matt Aldrige, senior solutions architect at Webroot warns that the social media links that were exposed are his greatest concern. “Cyber attackers will use information gained from social media sites to target employees through highly personalized attacks such as spear phishing.” Richard Walter, CTO at CensorNet agrees and has said the social media links are sure to go up for sale on the dark web compromising personal and business systems.
Given the nature of the data stolen, Security Awareness Training and vigilant company email use are strongly recommended.