In what begins to feel like a weekly tradition, another popular service quora has shown that it has been exposed to a security breach that may have affected users. As always, a certain blend of your personal information (or credentials) is potentially in the hands of people who should not have that information, and you will want to take action to secure your account and / or online life.  If you have ever made an account on Quora, here’s what you need to know:
What has hacked this time?
Quora sent an email and sent a blog to provide more information about the latest security breach affecting its service. First, Quora wants you to know that it is very sad. (It’s not about managing this process a little less annoying, but it’s always good to start with a strong excuse.)
Secondly, this violation affected approximately 1
00 million Quora users. It’s about a third of the active monthly user base, based on some of the numbers floating around the past few months. Third, Quora is actively investigating the crime, as it only discovered Friday, and found here so far:
“For about 100 million Quora users, the following information may be compromised:
- Account information, for example, .name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, such as questions, answers, comments, invitations
- Non-public content and actions , such as responding to requests, countdowns, instant messages (note that a low percentage of Quora users have sent or received such messages). “
Quora attempts to render the passport portion of the violation, later commenting that” while the passwords were encrypted salt that varies for each user), it is generally a good method of not using the same password across multiple services, and we recommend that people change passwords if they do it. “
You should be a bit more worried, though. Quora does not go into detail about the type of hash feature that is used to encrypt these passwords, and Ars Technics Dan Goodin notes that this is a rather critical omission. If Quora had a simple approach, these passwords are not as protected as he describes:
“The specific hash feature is very important. If it’s one that uses fewer than 10,000 iterations of a quick algorithm like MD5 without cryptographic salt, hackers can use the hard disk and publicly available dictionaries break as many as 80 percent of password flow in a day or two. However, a bcrypt function can prevent a large percentage of hashs ever being converted into plain text. “
At least you can find comfort in the fact that the violation does not ] affect any anonymous questions or answers you have written to Quora. The site does not seem to associate these with your account in any way.
What do you do when there is a violation of the violation
We all will inevitably be affected by a violation of some
Read more Read