Quora is one of those silent successes of the Internet. It doesn’t always make headlines but it has become one of the biggest sources of information on the Web.Next to Wikipedia, of course The service has now hit headlines but, unfortunately, not in a good way. Its user data was compromised, in other words, it was hacked. This is what the company says was taken and what you should do, maybe even if you weren’t affected at all.
Quora reports that the moment it learned of the unauthorized access on November 30, it immediately sprung into action, which involved investigating the case internally, hiring a “leading digital forensics and security firm”, and notifying users that they were hacked. It doesn’t go into specifics, naturally, but it does point the finger at a malicious third-party.
The amount of data pilfered from Quora is reason enough to worry. Although those don’t include sensitive personal information, it’s still a treasure trove for hackers. Names, email addresses, data from linked networks, public content and actions, and even non-public content were all harvested. Anonymous posts were not affected because there was no data to be stolen from there anyway.
The compromised user data included hashed/encrypted passwords. The chances of hackers decrypting those, however, are slim. But don’t take any chances. Quora is notifying affected users privately and invalidating their passwords, forcing them to create new ones. The service is also logging everyone out and it might be a good time for anyone with a Quora account to change their passwords. Even more important, they should check that they’re not using the compromised password in any other account associated with their email.
Quora is just one of the latest high-profile hacking cases to hit the news. Truth be told, hacking attempts never stop but some are more successful than others. And yet, despite how often these things happen, we’re still beholden to weak security measures and even weaker security practices.