Who hacked Quora

Quora hacked - data stolen from 100 million users

Data leakage seems to be all the rage these days - hardly a day goes by without reading about another case. Cathay Pacific, British Airways, Marriott and of course Facebook are just a few of the companies that have had data tapped from in the past few months. Anyone who hoped that this year would finally be enough is wrong: Today another leak came to light - at Quora.

Quora is a questions and answers website. This means that anyone can ask or answer questions. If you are really lucky, you will even get an answer from celebrities like Obama, Stephen Fry, or Gillian Anderson. The site itself requires that you either log in via Google or Facebook (we now know that at least the latter is not a particularly good idea), or you create a profile with your real name.

While this should help give weight to the answers, it isn't all that great if the page is hacked and this information stolen. Unfortunately, that's exactly what happened: According to Quora, the data was stolen from 100 million users.

What information was accessed?

The following data has been copied from around 100 million users:

  • Account information such as name, email address, encrypted passwords and data imported from other networks linked to the account.
  • Public content and actions such as questions, answers, upvotes and comments.
  • Non-public content and actions such as response requests, downvotes and direct messages.

While the last two points - apart from the direct messages - are likely to be more relevant for Quora, the real names in connection with email addresses and passwords are definitely something that you don't want to know in public.

It is currently unknown how the hackers managed to break into Quora's systems. The affected users were notified by email and their passwords reset.

It is best to change your password immediately

The stolen passwords were encrypted and reset - but it is still never wrong to take some precautions for your own account security, especially if you are using the same password for several accounts:

  • Use an individual password for each of your user accounts. If a website is hacked, the perpetrators first test whether the combination of username or email address and password also works on other (large) platforms.
  • Your password should have at least twelve characters. It should consist of upper and lower case letters, numbers and special characters.
  • Use passwords that are not in the dictionary. Hackers nowadays have programs that can use dictionary searches to gain access to your accounts.
  • Avoid strings like 12345, abcde, qwertzuiop, etc.
  • Use unrelated passwords. For example, the dog's name, family members' birthdays, or their favorite sport are not a good idea.
  • Don't write down passwords and share themNo waysomeone else with.

If you find it difficult to create a good, strong and sufficiently complex password, the best thing to do is to use a password manager who can help you with this.