Cyber War? another mega-leak - 100 million Quora accounts compromised by system invaders | Eurasia Diary - ednews.net

17 December, Monday


Cyber War? another mega-leak - 100 million Quora accounts compromised by system invaders

Passwords should be safe, but reset just in case

World A- A A+

Someone's taken a wander through the systems of question-and-answer website Quora, pilfering account details of 100 million users.

The organisation announced on Monday this week: “On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems.”

It said it has “taken steps to contain the incident”.

Breached data includes account information, public content and actions (such as comments, upvotes and actions), and non-public actions (answer requests, downvotes, and direct messages, the latter used by only “a small percentage” of users).

The account data involved included user IDs, email addresses, and (it's good to report, for once – El Reg) fully encrypted passwords. Quora's post said it will log out all affected users, and push a password reset.

Read more: Marriott says up to 500 million guests affected by hack

For everyone else, there's this advice: “While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.”

The breached also included “data imported from linked networks,” if a user had given permission for that to be done from their account.

The post doesn't stipulate what information might come from linked accounts, but it's explained in the privacy policy. If you've used Google or Facebook to log in, or you've connected your Quora account with Facebook, Twitter, or LinkedIn, “we receive certain profile and account information about you from the Linked Network.”

So it looks to The Register there's a risk that someone using their real name on Quora, but not on Twitter, could be doxxed as part of this leak.

Quora believes it's “identified the root cause and taken steps to address the issue”, an outside organisation is assisting, and law enforcement has been notified. ®

The Register

Report a mistake by marking it and pressing Ctrl+Enter

EurasiaDiary © Must be hyperlinked when used.

Follow us:
Twitter: @Eurasia_Eng
Facebook: EurasiaEng


Загрузка...


loading...