Quora.com hacked

Another one bites the dust“, this time Quora.com has been hacked and information for all the users exposed.

As you can read in their security update blogpost this was the information exposed:

  • Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
  • Public content and actions, e.g. questions, answers, comments, upvotes
  • Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

What happened

Last Friday the Quora.com team discovered that some user data was compromised by a third party who gained unauthorized access to one of their systems.

They’re conducting an investigation and while that investigation is still ongoing, in their own words “we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company”.

What’s Quora doing

Meanwhile they’re doing the investigation and working together with some external security and digital forensics firms they’re taking some steps to improve security and minimise the impact, such as:

  • Notify users whose data has been compromised.
  • Logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.

They “believe” they’ve identified the root cause and taken steps to address the issue, although the investigation is ongoing and they’ll continue to make security improvements.

Conclusion

We as software engineers, sysadmins, DevOps, or whatever cool name appears in the near future, should take seriously the security of our applications and the privacy of our users.

This won’t be the last security issue we’ll see in this cloud world.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: