Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. They announced that an unidentified malicious third-party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users—that’s almost half of its entire user base.
According to Adam D’Angelo, the chief executive officer and co-founder of Quora, the personal user information compromised in the breach includes:
- Account information, such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorized by users.
- Public content and actions, like questions, answers, comments, and upvotes.
- Non-public content and actions, including answer requests, downvotes, direct and messages (note that a low percentage of Quora users have sent or received such messages).
Quora said it is still investigating the breach and assured its users that it working rapidly to “take the appropriate steps to prevent such incidents in the future.”
I just love how every company after breach is going to have it all sorted out in the future. And here we are, yet a mother company who had a vulnerability, violated their users trust and no restitution is offered.
“Sorry Ya’ll, our bad, but we won’t let it happen again.”
The is a rough breach. Not only did hashed passwords get compromised but also the data that is shared from major social networks. This is another reason contending as to why you should have separate accounts and passwords for all accounts. I love SSO’s convenience but I won’t link erroneous accounts to SSO account that have personal data.