In continuation with a new trend of making massive hacks against large and well-known companies and services, hackers have made yet another move. It appears that these massive hacks are now occurring on a weekly basis. As the previous week was marked by a shocking revelation that Marriott Starwood hotels were being drained of customer data for four years, this one will be marked by a massive data theft from a website Quora.
Quora is a well-known Q&A type of website where users can post questions about pretty much anything that they wish to gain insight about. Other users with knowledge about the issue can respond and give their insight into the matter.
Details regarding the attack
On Monday night, Quora revealed that its website was hacked by an unknown, malicious third party that managed to steal data belonging to around 100 million users. The stolen information includes personal data such as names and email addresses of users, but also details about their actions on the website, as well as other sites that are linked to their Quora account.
So far, not much is known, and Quora is still investigating the incident. Adam D’Angelo, CEO of the company, released an official statement, claiming that the firm discovered compromised data on Friday, November 30th. The breach was made by a third party that somehow got unauthorized access. Apart from this, D’Angelo did not reveal any other details, as the investigation is still on-going.
What is known is that all information associated with users’ Quora accounts is likely been taken by an unknown individual or group, including data belonging to 100 million users, as mentioned earlier. The theft also includes account passwords, although they still remain encrypted for the users’ safety. However, the danger also lies in the fact that any other social network or account that has a connection to users’ Quora accounts might have lost large amounts of data as well.
As for Quora itself, records of all public and private actions on the website were taken. This includes downvotes and upvotes, all posted comments, direct messages, posted questions, and alike. D’Angelo believes that things posted anonymously should not be included, as Quora does not record identities of those who post anonymously.
What can be done about it?
As stated, Quora is conducting its own investigation right now. The company has also taken steps to notify all users that are believed to be affected by the attack. They are also logging out affected accounts, and those who are using password authentication will have their passwords reset.
The company also announced that all newly-discovered information will be delivered to affected users via email.