The US-based social network for knowledge exchange, Quora, reported that a malicious third party has accessed its system and compromised its users’ data security. A statement from the company’s CEO, Adam D'Angelo, read that the breach, which was discovered on November 30, had affected over 100 million accounts.
We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority. Read more here: https://t.co/uwbdMjoM1v— Quora (@Quora) 3 декабря 2018 г.
Along with public information such as questions asked on Quora, the perpetrators may have got hold of account information, such as names and passwords, as well as users’ non-public activities, including direct messages.
The company claimed that it had identified the root cause and addressed the vulnerability. But the causes behind the attack have not been revealed. The company has launched an investigation, conducted by its own security department as well as outsourced firms, and notified officials of the matter.
Meanwhile, the service advised its users to change their passwords, especially if they use the same one on several sites.
Some Twitter users, as well as tech journalists, pointed out that many may have forgotten that they even have a Quora account. Forbes states that some people could be unaware that they have an account, as the service is linked to Facebook quizzes and could have accidentally signed up.
Other netizens slammed Quora for pushing their services without providing security.
Your service insists on verifying identity and then you lose all the shit. Cute.— Paul E. Ester (@Paul_E_Ester) 4 декабря 2018 г.
This is why you shouldn’t require user registration.— Landon Epps (@landonepps) 4 декабря 2018 г.
Some criticized the company for reporting the breach days after it was discovered.
Morons. Only data that was not breached was data that you’ve never saved. Evidence that you should not save anything.— The (@eg_mast3r) 4 декабря 2018 г.
You discover the breach on Friday and then go for a relaxing weekend before informing everyone today?