Quora breach exposes 100 million users’ information

Members-only Q&A site has a lot to answer for

Quora, a popular members-only question and answer site, has revealed that hackers have stolen the information on 100 million of the site's users.

In a security update, the site admitted that "a malicious third party" had made unauthorized access into the site. The breach, detected 30 November, is currently under investigation and, in the meantime, Quora is prompting all its users to reset their passwords.

Information stolen includes users' email addresses, passwords, names and any information gleaned from linked social media accounts. In addition, the hackers have knowledge of user activity including questions and answers posted, as well as anything up- or down-voted and any personal messages sent.

As there are no monetary transactions on Quora, no credit card information was stolen, making it a perplexing choice of target for hackers. However, since many people use the same passwords for various different online systems, it's likely hackers were taking the information to attempt to access different sites.

In addition, knowledge of users' questions and answers could be useful to some, by showing what services they use and even where they live.

The biggest surprise, however, is that many people weren't even aware hey had Quora accounts in the first place. Users on other social media platforms have expressed concern and annoyance at losing information on a network they haven't used in years.

Even Quora itself nods to this concern in its FAQ sheet on the breach, with a question "I didn't know I had a Quora account. How is it that my email or information was exposed?"

While 100 million victims of a hack is a significant number, it isn't the biggest hack this year. On 30 November, for example, the hotel chain Marriott alerted its customers to a massive hack that affects 300 million users.

Since August of this year, we've seen plenty of breaches with the NHSBritish AirwaysFacebookAmazon, and several other major online services (or services with an online presence) have all had data stolen, to varying degrees of severity. If they didn't know it already, people are quickly having to realise that data isn't safe online.

Featured Resources

Edge-enabled mobility of the future

Turning vehicle data into value

Download now

Modern networking for the borderless enterprise

Five ways top organisations are optimising networking at the edge

Download now

Address multi-cloud configuration risks

Cloud security challenges and how to overcome them

Watch now

The total economic impact of IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify

Download now

Most Popular

UK gov flip-flops on remote work, wants it a standard for all jobs
flexible working

UK gov flip-flops on remote work, wants it a standard for all jobs

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021