Hackers may have stolen the personal data of around 100 million users of the question-and-answer website Quora, the company announced on Monday evening. Quora said it discovered on Friday that hackers may have compromised account information such as email addresses, passwords and private direct messages, as well as questions and answers posted on the platform by users, the company wrote on its site.
“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” the firm wrote, while noting that posts written anonymously were not affected by the breach.
What information was compromised?
According to an official blog post about the breach by Quora CEO Adam D’Angelo, the information potentially compromised includes:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
The last two points are mostly relevant only to Quora itself, except perhaps the private direct messages. The names, email addresses and passwords are what you definitely don’t want to get out.
As of now there is no information available on how Quora was breached. Affected users have been informed via email and their passwords were reset.
What measures can be followed now?
Change your passwords – NOW!
While the stolen passwords were encrypted, it is still a lot safer to change your passwords, particularly if you were amongst the affected users and use the same password for several of your accounts. Here are a couple of tips you may want to follow:
- Use a unique password for each of your accounts. When a website gets hacked, one of the first things bad guys do is check whether your username/email address/password combination works on other (high-profile) pages.
- Your password should consist of at least twelve characters – the more the better. It should include upper- and lower-case letters, numbers, and special characters.
- Try and create passwords that can’t be found in a dictionary. Hackers nowadays have programs that cycle through dictionaries to check if they can access your account.
- Don’t use character strings like 12345, abcde, qwertyui, etc.
- Use passwords that can’t be associated with you: your dog’s name, birthdays of family members or yourself, or your favorite sport are not a good idea.
- Change your password regularly – especially when it comes to your email and online banking/online payment accounts.
- Don’t write down your passwords and never ever share them.
If you have trouble coming up with a good, strong, and complex enough password, you can always use a good password manager to help you out.
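The tips above on length, character types, dictionary words, character strings and personal details can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sample wordlist, the `personal_terms` parameter and the `max_run` threshold are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "football", "sunshine", "welcome"}
# Orders in which a "walk" is easy to guess: alphabet, digits, keyboard rows.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = {"upper-case letter": string.ascii_uppercase,
           "lower-case letter": string.ascii_lowercase,
           "number": string.digits,
           "special character": string.punctuation}


def longest_sequence_run(password):
    """Longest run that walks one of SEQUENCES, forwards or backwards."""
    pw = password.lower()
    best = 1 if pw else 0
    for seq in SEQUENCES + [s[::-1] for s in SEQUENCES]:
        run = 1
        for prev, cur in zip(pw, pw[1:]):
            i, j = seq.find(prev), seq.find(cur)
            # Extend the run only when cur directly follows prev in this order.
            run = run + 1 if i != -1 and j == i + 1 else 1
            best = max(best, run)
    return best


def check_password(password, personal_terms=(), min_length=12, max_run=3):
    """Return a list of problems; an empty list means every check passed.

    max_run is an assumed threshold; the tips above do not give one.
    """
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    for word in sorted(SAMPLE_DICTIONARY):
        if word in lowered:
            problems.append("contains dictionary word: " + word)
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal term: " + term)
    if longest_sequence_run(password) > max_run:
        problems.append("contains a character sequence")
    return problems
```

Passing these checks does not cover the first tip: a password that scores well here is still unsafe once it is reused on more than one account.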