Quora, the leading Question and Answer site released a blog post revealing the massive security breach that affected 100 million users.
Quora’s user data was compromised as a result of an authorized access by a third party.
The company released a blog on Friday putting some serious things vividly. The QA site said that it wanted ‘to be as transparent as possible without compromising our security systems or steps we’re taking’. The site confirmed the breach of security for about 100 million users and said that it was doing everything it can do to protect any further loss.
Telling about “What actually happened” the site said that they discovered on Friday that a third party gained unauthorized access to their system. Quora is still investigating the cause of this breach and has hired a leading forensic and security firm to assist them in this matter. Furthermore, the site also informed the law enforcement officials about the breach.
The blog post highlighted on the information that might have been compromised as a result of the breach. As per Quora:
The information may include account information such as name, email address, encrypted password, and some imported data from LinkedIn if the user has allowed.
Furthermore, the information also includes some public content and action such as questions, answers, comments, and Upvotes. Some of the private information which includes messages, Downvotes, and answer request was also breached. The site made it clear that questions and answers that were posted on Quora as anonymous were not compromised.
Quora has already taken steps to avoid any further loss or to prevent such incidents from happening in the future. The site notified all its users about the data breach, proving that they are “transparent.” The site logged out all the compromised accounts as a security measure. Also, it invalidated the passwords for all users who were using password validation for logging into the site.
Quora is positive that it has identified the root cause of the issue and with the ongoing investigation it would be able to identify the loopholes in security and would definitely improve them. The site has also opened up a forum where you can report any specific issues or raise your concerns over the recent security breach. If you haven’t received any email from Quora indicating the recent security breach then take a deep breath, you are safe! Quora has advised its users to change their passwords and not use the same passwords for multiple sites.
The platform has emphasized that it acknowledges the responsibilities it had and how it failed its users. Also, it ensured that it will be working harder and better to regain the user’s trust.
“We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”
The year 2018 seems like a year of data breaches but Quora seems to be very positive when it comes to accepting their mistake and publishing their stance over the issue. Unlike, some social media giants who were stubborn and ignorant even after putting the security of individuals at risk.
Stay tuned for updates on this issue.
Muhammad Abdullah
Areen Zahra
