In the latest of a long series of attacks that’s seen us become more of a security blog than a tech website, Quora – one of the largest internet Q&A sites – has admitted it suffered a major security breach, discovered last Friday. The breach, which has been deemed malicious, resulted in the account information and activities of as many as 100 million users being exposed.
In a blog post, Quora CEO Adam D’Angelo said that the company was taking steps to rectify the damage that had been done, as well as conducting an investigation into the attack.
Mr D’Angelo said that investigators believe they have found the source of the problem, but wouldn’t elaborate further – in the interest of not compromising the steps they were taking. He also stated that they would continue the investigation until they gain a full understanding of what happened.
Attackers were able to gain access to users passwords, however, passwords were still encrypted. Nonetheless, Quora is advising that users change their password on any website where they used the same password.
Thankfully, Quora does not collect credit card or social security numbers, so identity theft is out of the question.
However, while no major sensitive user info was stolen, the theft of user passwords is extremely significant. Many people use the same password for multiple websites, so once the passwords were decrypted attackers were free to try any number of websites to see if the same email and password combination worked there.
Following closely from the USPS and Amazon breach, this latest fiasco is raising many questions within the world of internet security. It seems like it’s only a matter of time before even bigger companies like Facebook or Google are breached.
In light of this, we’d like to advise readers to never use the same password on multiple websites, as a security breach on just one of those sites effectively means that attackers have access to your data on all of those sites.