Quora is the latest company to revealed that sensitive has been breached from their systems. Approximately 100m users are impacted and the data compromised includes:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Quora is informing affected users (subject line should be ‘Quora Security Update’) and logging users out of their accounts as well as invalidating their passwords (requiring a reset). Fortunately in this case no payment details have been accessed (as there are none to access). I’ll continue to say it but until the penalties for these types of data breaches are increased, they will continue to happen. It’s clear that corporations aren’t investing adequate resources into information security and users are the ones to suffer as a result.
