Quora Data Breach Exposes 100 Million Users' Personal Info

schwit1 shares a report from CBS News: Information sharing website Quora has announced a data breach which has exposed "approximately 100 million users'" personal data. The company said in a statement released Monday that it discovered the "unauthorized access to one of our systems by a malicious third party," on Friday. Chief Executive Adam D'Angelo wrote in the blog post that Quora had alerted law enforcement authorities and was "working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future." D'Angelo said Quora was working to alert the affected users of the site, whose names, email addresses and encrypted passwords, and public content such as their questions, answers and comments, were exposed through the breach. Those users would be required to reset their passwords, D'Angelo said.

The site annoyingly makes you create an account

[ZorinLynx]

Even if you're not going to contribute anything, you're forced to create an account to keep browsing. I wonder how many of those 100 million accounts are throwaways used to browse the site. I know mine is!

Websites shouldn't force read-only users to create accounts. Not only is it annoying, but it wastes resources on your servers and now you have more accounts to potentially get hacked.

/. Bug Alert

[hcs_$reboot]

Moderated "Encrypted passwords" below +1, then entered the parent comment as AC, and now 1) cannot mod anymore 2) the mod I made earlier below disappeared ...

Re:

[Dunbal]

This is by design, not a bug.

Re:

[hcs_$reboot]

Been here long enough... I posted my parent account with my nickname AFTER the bug appeared!
1. Moderated +1
2. Commented as AC
3. At that time, the mod point disappeared and couldn't mod the story anymore
4. Then posted with my nickname to describe the bug!
Guys you're so condescending!

Re:

[mattyj]

Except that they collect browsing habits/history that are attached to an email address, which is a saleable commodity.

Probably cuts down on robots indexing their data and selling it or doing whatever with it, too.

Annoying, I agree, but the evil empire has its reasons.

Re:

[140Mandak262Jamuna]

Why create a throwaway login? Copy paste the text into google searcgh box and you click on the google link.

Re:

[freeze128]

Perfect use-case for SQRL.

Re:

[ayesnymous]

I think Quora was created by a former Facebook employee. It's not worth creating an account. It's just another Yahoo Answers with hardly any useful content.

Re:

[dkman]

Thank you for answering my question, "What is Quora and why would they have my information?"

Encrypted passwords?

[viperidaenz]

I hope not. That implies they're not one-way hashed and if they've stolen the encryption key too, they can obtain the actual password.
That would be an amature security mistake on Quora's part.

Re:

[mattyj]

I'd posit that a mistake that's already exposed that much data, undetected until now, is an amateur security mistake. If they get the data and the key, that's more like infantile.

Re:

[Dunbal]

That implies they're not one-way hashed

_strrev() is an awesome password "hashing" function!

Re:

[Dilly Dilly!]

It's possible that the term "encrypted" is being used loosely to encompass the process of salting and hashing passwords.

For users, the problem is that it's hard to know whether any particular site is using good security practices to keep data secure. I use is a password manager (mSecure) that runs locally on my phone, and generate unique random passwords for each site. That way, a breach like this wouldn't allow my data to be compromised on other sites, where I might have reused the password. I don't upl

Re:

[gander666]

Well, seeing how reliable their service is (not very), this wouldn't surprise me.

Another data breach

[BringsApples]

So many data breaches lately, makes me wonder if eventually everyone's data will be worthless. And then what??? Most of the propellant of today's society has to do with gathering personal data. If personal data turns out to be worthless, we're talking a shit-storm of problems for a society that's built around it.

Re:

[Dixie_Flatline]

I personally *try* to make sure my data is worthless. I mean, they know I like math and science questions, but that's hardly news. I lie about nearly everything personal they ask me; I just make sure my age is over 18. I use a shitty password because I couldn't care less if they crack it and use it to log onto some other shitty site where I have a forum account or something. Personal questions? I tell them that I grew up on Dingleberry street, and my first pet was named "flame retardant banana". (Note: I ma

Re:

[grep -v '.*' *]

If personal data turns out to be worthless, we're talking a shit-storm of problems for a society that's built around it.

TULIPS! Get your freshly harvested tulip bulbs here! Tulips! Only one per house, that's the price!

Link [investopedia.com] (How Much: at the peak of the market, a person could trade a single tulip for an entire estate, and, at the bottom, one tulip was the price of a common onion.)

Re:

[Anonymous Coward]

The data breaches are the largely the flip-side of hiring cheap developers. What goes around comes around etc.

Re:

[ElizabethGreene]

It's an order of magnitude better than Yahoo Answers. You still have the occasional buffoon, but the signal to noise ratio is excellent.

Well...

[The Grim Reefer]

Information sharing website Quora has announced a data breach

TFS says it's an information sharing site.

I am sure there is a Quora article on ...

[140Mandak262Jamuna]

... How to guard against hackers.

Comment removed

[account_deleted]

Comment removed based on user account deletion

quora.com: roll the dice and see what comes up

[BlackOverflow]

When I want highly questionable answers from completely unknown sources, quora.com is my go-to place!