The folks at Quora had a big scare recently when it was revealed that some of its user’s data were compromised in an attack. Apparently, the attack took place last Friday, and what the attackers walked away with is quite damning.
In a blog post, a member of the Quora team stated that an investigation is currently being done and that they are doing all that is necessary to make sure this never happens again in the future.
What type of user information was compromised?
Here’s the thing, Quora has over 100 million users, and guess what? It is possible that all member accounts have been compromised in the attack. The following, according to the blog post, is all the information attackers have gotten away with:
- Account information, e.g. name, email address, encrypted password (hashed using bcrypt with a salt that varies for each user), data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Now, users who have written anonymous questions and answers have nothing to worry about since Quora does not store data for anonymous users.
What has happened here is a big deal and a perfect reason as to why we must never store personal information on the web, no matter how trusting a platform may be.
At the moment, the Quora team is working with online security specialists and the authorities to unravel the mystery behind the identities of the attackers among other things. Steps are also being put in place to beef up security, and that’s good.
If you have an account, we suggest changing your password and delete all personal data where possible.