“Another one bites the dust”: this time Quora.com has been hacked and information for all the users exposed.
As you can read in their security update blog post, this was the information exposed:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Last Friday the Quora.com team discovered that some user data was compromised by a third party who gained unauthorized access to one of their systems.
They’re conducting an investigation and while that investigation is still ongoing, in their own words “we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company”.
What Quora is doing
While they carry out the investigation together with some external security and digital forensics firms, they’re taking some steps to improve security and minimise the impact, such as:
- Notifying users whose data has been compromised.
- Logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
They “believe” they’ve identified the root cause and taken steps to address the issue, although the investigation is ongoing and they’ll continue to make security improvements.
We as software engineers, sysadmins, DevOps, or whatever cool name appears in the near future, should take seriously the security of our applications and the privacy of our users.
This won’t be the last security issue we’ll see in this cloud world.