Categories: world

What to do about Quora's latest data violation

December 4, 2018 Business 4 Views In what begins to feel like a weekly tradition, another popular service quora has…

In what begins to feel like a weekly tradition, another popular service quora has shown that it has been exposed to a security breach that may have affected users. As always, a certain blend of your personal information (or credentials) is potentially in the hands of people who should not have that information, and you will want to take action to secure your account and / or online life. [19659002] If you have ever made an account on Quora, here’s what you need to know:

What has hacked this time?

Quora sent an email and sent a blog to provide more information about the latest security breach affecting its service. First, Quora wants you to know that it is very sad. (It’s not about managing this process a little less annoying, but it’s always good to start with a strong excuse.)

Secondly, this violation affected approximately 1

00 million Quora users. It’s about a third of the active monthly user base, based on some of the numbers floating around the past few months. Third, Quora is actively investigating the crime, as it only discovered Friday, and found here so far:

“For about 100 million Quora users, the following information may be compromised:

  • Account information, for example, .name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
  • Public content and actions, such as questions, answers, comments, invitations
  • Non-public content and actions , such as responding to requests, countdowns, instant messages (note that a low percentage of Quora users have sent or received such messages). “

Quora attempts to render the passport portion of the violation, later commenting that” while the passwords were encrypted salt that varies for each user), it is generally a good method of not using the same password across multiple services, and we recommend that people change passwords if they do it. “

You should be a bit more worried, though. Quora does not go into detail about the type of hash feature that is used to encrypt these passwords, and Ars Technics Dan Goodin notes that this is a rather critical omission. If Quora had a simple approach, these passwords are not as protected as he describes:

“The specific hash feature is very important. If it’s one that uses fewer than 10,000 iterations of a quick algorithm like MD5 without cryptographic salt, hackers can use the hard disk and publicly available dictionaries break as many as 80 percent of password flow in a day or two. However, a bcrypt function can prevent a large percentage of hashs ever being converted into plain text. “

At least you can find comfort in the fact that the violation does not ] affect any anonymous questions or answers you have written to Quora. The site does not seem to associate these with your account in any way.

What do you do when there is a violation of the violation

We all will inevitably be affected by a violation of some

Read more Read

What should you do next?

Quora sends email to those potentially affected by the violation. But even if you do not get an email, situations such as these are a good time to review your online security set. For example:

Have you used the same password on Quora for other sites and services?

Stop doing it. I know, I know; I’ve done that too. However, given how easy it is to use a password management tool to create long, complicated and most important unique passwords for each site and service you use, there is no reason to use the same password on multiple websites. While you become serious about the creation of passwords will not stop these violations happening, it will significantly mitigate their effects.

Do you use a two-factor or two-step authentication?

When someone tries to sign in like you, a good website or service will warn you that it has detected a new login and you may want to do something about it if it’s not you. An even better website or service will reach you for a secondary form of control, a texted code, an authentication prompt, a number you read from a software or hardware, etc., that you must also enter in Addition to your Password for availability. If you have not configured two-factor authentication for the different things you log in, find out if there is an option. If you do, you only do a dysfunction by not using it.

Do you have a lot of dormant accounts?

I’m not a big Quora user. In fact, it has been so long since I have asked or answered a question, I can not even remember the last time I logged in. I have an account, but I get an “email” that reminds me of the fact.

While strong, unique passwords and two-factor authentication can do a lot to help you stay safe after your favorite website or service has always been hacked, do not forget all the services you used ] to use and no longer visit. If you no longer visit Quora (or Facebook, or Twitter or anything), enter and delete your account.

While there is no guarantee that future crimes will not dig up your old information, you have a stronger chance of preventing your information from leaking when you no longer use accounts.

Do you ignore a lot of emails?

Quora first reported affected users by email, and it is obvious that it will use email to let users know more about their major security breach. While we all get lots of emails, it’s worth creating a filter for words like “security”, “account” or “compromise” – to name a few – so you’re less likely to miss emails that let you know about the next major violation.

Share
Published by
Faela