December 4, 2018, updated 11 Jul 2022 4:37am

Quora Hacked: Website Logs Out 200 Million Users

"Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords."

By CBR Staff Writer

Popular Q&A forum Quora has logged out its entire 200-million-strong user base and invalidated all passwords after hackers stole the account information, direct messages and comments of an estimated 100 million users.

Saying its systems were compromised by a malicious third party, the company, owned by former Facebook employees Adam D’Angelo and Charlie Cheever, said it discovered the breach on Friday and was still investigating how it happened.

“In addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials”, the California-headquartered company said. 

Quora Hack: Joins Long Line of Data Spewers

The breach is just the latest in a string of colossal exposures of private user data: late last week hotel chain Marriott International fell victim to one of the biggest such recent hacks, with 500 million guests’ details, including card numbers, exposed.

Other large-scale recent breaches include one at Hong Kong-based airline Cathay Pacific, where 9 million passport and payment details were exposed in October.

The following may all have been compromised: Quora account information (e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorised by users); public content and actions (e.g. questions, answers, comments, upvotes); and non-public content and actions (e.g. answer requests, downvotes, direct messages).

Passwords were hashed (encrypted/scrambled) so are unlikely to have been compromised, but Quora said it recommends users change their passwords on other accounts too if they had used the same one across multiple online accounts.

Troy Hunt, founder of the haveibeenpwned.com website, which allows users to check whether their emails have been compromised in a breach, said: “Short of not using online services at all, there’s simply nothing you can do to *not* be in a breach, there’s only things you can do to minimise the impact when it inevitably happens.”

Stephen Cox, VP & Chief Security Architect at SecureAuth, said in an emailed statement: “Mounting evidence points at stolen credentials being involved in the vast majority of breaches, and there is no sign of this trend slowing down. More focus needs to be put on advanced authentication techniques to improve organisations’ security posture in this threat landscape.”

He added: “Far too many organisations are relying on approaches that have simply been proven ineffective against modern attackers, and they must be careful to not develop a false sense of security even when they’ve adopted basic techniques such as two-factor authentication. These types of breaches will continue to proliferate unless organisations up their game for their employees and their customers, implementing multi-factor and adaptive authentication to render stolen credentials useless to an attacker.”
