Munich, IPS | Author: Herbert Wieler

Hackers steal data from 100 million Quora users

The knowledge platform Quora announced on Tuesday that hackers had gained access to data from around 100 million users. The security hole gave the hackers access to names, email addresses, defaced passwords and direct messages.

Commenting on the incident, James Carder, CISO at LogRhythm, said:

“At the end of the day, this glitch was based on personal information that has likely been stolen from many other loopholes. The company has taken reasonable steps - including prompt notification of the data breach - to contain and mitigate the threat. The only thing that should be considered in terms of increased risk is whether users have linked their Quora accounts to others (e.g. Facebook, LinkedIn, etc.) and whether this breakdown has also reached these companies and the information they store.

To protect themselves, Quora users should definitely change their passwords, especially those that lead to their linked accounts on other platforms. They should keep an eye on their credit monitors and be extra vigilant about the other accounts and applications they use. You should make sure that all of your passwords are unique and not used across multiple accounts, as it allows attackers to potentially gain access to additional accounts. It is common for attackers to try stolen credentials on other consumer platforms just now. Quora users should be on the lookout for increased phishing and other attacks because attackers now have enough information to model a targeted attack. Users must assume that the content that was written or commented on on the Quora platform is now public. It should be a lesson to us not to put things on the Internet with the assumption that they are protected or confidential. One should always assume that one day they could be published.

Unfortunately, such mishaps will continue to occur. We will hear of significant recent data breaches. Repeatedly reading reports on how something like this happened (e.g. repeated attacker methods) and what was stolen (e.g. the same data again) will desensitize us. Until companies can adequately protect their customers by investing in security, personally and financially, and can be held responsible for their mistakes (e.g. would negligence put a CEO in jail?), this trend will not subside, and so the prognosis is not positive.”

Comment from KnowBe4 on the hacking attack on Quora

On November 30, 2018, the online question service Quora announced that around 100 million users were affected by a hacker attack. Among other things, the attackers stole sensitive information such as email addresses, defaced passwords, usernames, private direct messages, comments and the ratings of the responses, as well as information imported from LinkedIn. The attack on Quora is probably based on social engineering and could have been prevented with modern security awareness training.

Detlev Weise, Managing Director at KnowBe4, comments: “Social engineering and malware currently represent one of the greatest security risks for sensitive data. The complexity of IT and insufficient training of employees increase the already difficult task of securing online services, desktop devices and the entire network of a company. As a result, many companies are largely concentrating on defending against these attacks by intensifying their security awareness training initiatives.” “Security awareness training helps employees remain vigilant and identify social engineering in good time, making them less susceptible to fraudulent attacks,” explains Weise. “A modern training program informs the participants about the signs and dangers of phishing, smishing and vishing attempts and then trains them with practical simulations. A suitable platform has a large number of templates for simulated social engineering attacks via e-mail, telephone and SMS. These can be used automatically to sensitize employees, to identify security gaps and malicious attempts at fraud, so that they can protect themselves against such unforeseen attacks. The risk of a data protection incident such as with Quora can be greatly reduced.”