Quora says hackers stole up to 100 million users’ data

[Richard Forno <rforno () infowarrior org>]

Quora says hackers stole up to 100 million users’ data

Jacob Kastrenakes@jake_k

https://www.theverge.com/2018/12/3/18124849/quora-100-million-user-hack-name-email-messages

Quora said it discovered last week that hackers broke into its systems and were able to make off with data on up to 100 
million users. That data could have included a user’s name, email address, and an encrypted version of their password. 
If a user imported data from another social network, like their contacts or demographic information, that could have 
been taken too.

Some private actions on the site may have been taken as well. That includes requests for answers, downvotes, and direct 
messages. Content posted anonymously should remain anonymous, however, as Quora says it does not store identifiable 
information for those posts.

“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other 
private information is serious,” Quora CEO Adam D’Angelo wrote in a blog post this evening. The company is also sending 
out emails to affected users.

Quora says it has notified law enforcement and hired a digital forensics firm to investigate what happened. For now, 
it’s only revealing that a “a malicious third party” was able to gain “unauthorized access to one of our systems” and 
that it discovered the breach on Friday.

At 100 million users, this is a very substantial breach and one that likely represents a major portion of Quora’s 
registered users. In 2015, D’Angelo said the site received 200 million unique visitors each month, which likely comes 
primarily from search traffic.

D’Angelo says Quora is trying to “contain the incident” and prevent another breach from happening. “We are working 
rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”

Large scale data breaches have been an unfortunately common occurrence in the last few years, as huge databases of 
information built up over years and years gets breached and hackers are able to pull large swathes away at once. Just 
last week, a Marriott breach leaked personal info on up to 500 million guests; in September, a hacker gathered personal 
information from up to 29 million Facebook accounts.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange