There’s never been a data breach like it and it’s difficult to fully appreciate its severity. The hack of Quora exposed 100 million users accounts that contain a wealth of detailed and perhaps unique personal information found nowhere else on the Internet, exposing them to serious risks ahead including blackmail.
Quora CEO Adam D’Angelo admitted it a blog post last week that a data breach exposed more than 100 million Quora user accounts. It’s difficult to fully appreciate the severity. Quora doesn’t collect financial information like credit cards or social security numbers or other account numbers. That’s the good news. The bad news is Quora collects a wealth of detailed and perhaps unique personal information found no where else on the Internet on its users.
If you aren’t familiar with Quora, it’s a user-generated question and answer database. Think of a search engine for questions where popular answers get upvoted by the users. It’s a bit like Wikipedia combined with a social network. Users can simply browse the topics but hundreds of millions of people have created accounts so they can post questions and answers, vote on the best responses and provide feedback.
As with recent Facebook and Google breaches, this hack may affect unrelated social network accounts with shared sign-on access. Any information imported by a user from another social network site including contacts, personal or demographic information, likes or other associations may have also been exposed. In additional, the information specific to Quora such as a user’s questions posed or answers given on the site as well as searches conducted may have been revealed. For people who may have used Quora to conduct sensitive personal or professional research, this could be especially concerning. These users may not even know what has been exposed. After all, who remembers their own history?
Finally, content posted anonymously may in fact be traceable back to its source. At MyProfyle, we have recently seen hacks of social network websites like Facebook used as the basis for emailed threats and insinuations aimed at blackmailing people in an attempt to extort them to submit a ransom via untraceable bitcoin less their supposedly embarrassing online activity be revealed to their friends and social contacts. With the Quora data breach, it’s possible that the hackers could reference specific anonymous postings made by the user and threaten to reveal them to the user’s Facebook friends, for example.
So what should you do? Quora has notified affected users and pushed a password reset email. We think if you used shared social sign-on between Quora and other social network sites you need to lot out of those sites and do a password reset there as well. If you used the same password you used at Quora across the Internet, you should start making changes more broadly and being using unique strong passwords on all sensitive websites, especially those that store your credit cards, financial or sensitive information.
At MyProfyle, we believe this threat is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life ™ Identity Protection.
Did You Find This Post Interesting?
Join our email list to get the latest blog posts sent to your inbox