On Monday, Quora announced that they’d been hacked.
The personal information of approximately 100 million users was compromised.
The hacked data included names, email addresses, encrypted passwords, even a user’s questions, answers, and direct messages.
As a Quora user, what is your risk? What will hackers do with the stolen info?
Paul Bischoff, a privacy advocate from Comparitech, told Consumer Press that the data can be used for phishing and as part of identity theft.
“Quora users should be on alert for targeted phishing messages claiming to be from Quora or an affiliated company,” warned Bischoff.
“Obviously, any information sent in a direct message can be used by hackers depending on what it is.
“It’s not that severe for the majority of Quora users. The stolen passwords are hashed and no payment information was breached, so there’s little immediate threat to most people. However, the small portion of users who utilized Quora’s direct messaging platform might have exposed any private information sent to other users”
Asked about the passwords being “hashed”, Bischoff explained: “Instead of storing your password in readable plain text, businesses often store hashed passwords because it’s more secure in the event of a data breach.
“Quora uses a hash algorithm and encryption key to turn plain text passwords into encrypted text, then stores that encrypted text on their servers. Whenever a user types in their password, the same algorithm and key are used to encrypt the text again.
“The resulting encrypted text is compared with the hashed password on the server, and if it matches, the user is logged in. Using this method, Quora never has to know its users’ real passwords. However, if a hacker obtained the encryption key, decrypting the passwords would be trivial. So far as we know, that hasn’t happened.”
When asked about what affected users should do about the hack, Bischoff said “Change your password”
“Even though the stolen ones are hashed, it pays to be cautious. If you used the same password on any other accounts, change those as well. You should have a unique password for every account, anyway.
“Enable two-factor authentication. This will require you to provide a PIN code sent to you via email, text, or an app whenever you log in from an unrecognized device. This should also be done on all your accounts wherever possible.
“Know that scammers might attempt to use the Quora data for spear phishing. Spear phishing targets a single person or small group of people, and emails usually include personal details to make the scam more believable. Learn how to identify and handle phishing emails properly.”
“The only way to avoid your data being breached is to abstain from giving your data to a company in the first place. Once your information is in the hands of a business, it’s up to that business to protect it. Minimize your digital footprint. Alternatively, sign up with an alias and fake personal information.”
Are you a Quora user?
Has Quora contacted you?
What do you think if their response to this issue so far?
Leave your thoughts below, and be sure to share this post with your friends, family and followers. They’ll appreciate the important info!
Have A Question? Ask Jessica!
-
Jessica: Hi, I'm Jessica, the Consumer Press AI, can I help you with a consumer question?
