Late yesterday, popular Q&A website Quora publically disclosed they had suffered a data breach which may have compromised as many as 100 million users.
The exact number of users affected and what personal data was exposed has not been precisely determined as of time of writing. The personal information potentially compromised in this breach includes account information—names, email addresses, and encrypted passwords— as well as public and non-public content and actions on Quora; this can include public answers and questions.
Quora did stress that anonymous questions and answers were not breached, as those identities are not stored on the site’s databases.
Quora first detected evidence of the breach on Friday. According to a statement by Adam D’Angelo, CEO and Co-Founder of Quora: “We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.”
D’Angelo and Quora stated the site has already alerted law enforcement and is working with an independent security firm to determine the cause of the breach. They believe they have identified the root cause, but have not announced what that might be or how long the attackers dwelt on the network before discovery.
Quora has begun to notify and automatically log out affected users. Any potentially affected user will need to create a new password for the site; Quora recommends those users change any repeated use of their passwords on other websites as well.
This breach does not compare to the recent Marriott data breach, which affected far more individuals (500 million) and exposed far more damaging personal identifying information (such as passwords and credit cards). However, so many large breaches occurring at the tail end of 2018 set an ominous tone for enterprises heading into 2019.
Enterprises need to remember how devastating a data breach can be to their brand’s reputation and bottom line over the long term. Consumer trust is a precarious thing, and without a proper threat detection solution, enterprises can quickly lose it. Quora appears to be handling their breach remarkably well, but they are also relatively lucky that the information exposed wasn’t as valuable.
Without SIEM, your enterprise could very easily end up in the headlines…and not for the reasons you’d like.
Latest posts by Ben Canner (see all)
- Findings: The Forrester Wave: Midsize Managed Security Services Providers, Q3 2020 - August 11, 2020
- Quick Hits: Preventing Insider Threats in Your Business - August 6, 2020
- Is There an Optimal SIEM Approach for Your Business? - August 4, 2020