Slashdot Mirror


Quora Data Breach Exposes 100 Million Users' Personal Info (cbsnews.com)

schwit1 shares a report from CBS News: Information sharing website Quora has announced a data breach which has exposed "approximately 100 million users'" personal data. The company said in a statement released Monday that it discovered the "unauthorized access to one of our systems by a malicious third party," on Friday. Chief Executive Adam D'Angelo wrote in the blog post that Quora had alerted law enforcement authorities and was "working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future." D'Angelo said Quora was working to alert the affected users of the site, whose names, email addresses and encrypted passwords, and public content such as their questions, answers and comments, were exposed through the breach. Those users would be required to reset their passwords, D'Angelo said.

40 comments

  1. The site annoyingly makes you create an account by ZorinLynx · · Score: 4, Insightful

    Even if you're not going to contribute anything, you're forced to create an account to keep browsing. I wonder how many of those 100 million accounts are throwaways used to browse the site. I know mine is!

    Websites shouldn't force read-only users to create accounts. Not only is it annoying, but it wastes resources on your servers and now you have more accounts to potentially get hacked.

    1. Re:The site annoyingly makes you create an account by Anonymous Coward · · Score: 0

      Even if you're not going to contribute anything, you're forced to create an account to keep browsing

      Which version of Quora are you using?? I always browse Quora without having to use a created account.

    2. Re:The site annoyingly makes you create an account by mattyj · · Score: 1

      Except that they collect browsing habits/history that are attached to an email address, which is a saleable commodity.

      Probably cuts down on robots indexing their data and selling it or doing whatever with it, too.

      Annoying, I agree, but the evil empire has its reasons.

    3. Re:The site annoyingly makes you create an account by Anonymous Coward · · Score: 0

      Maybe you're using uBlock Origin, with it you can browse Quora without logging in.

    4. Re:The site annoyingly makes you create an account by 140Mandak262Jamuna · · Score: 1

      Why create a throwaway login? Copy paste the text into Google search box and you click on the Google link.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    5. Re:The site annoyingly makes you create an account by freeze128 · · Score: 1

      Perfect use-case for SQRL.

    6. Re:The site annoyingly makes you create an account by ayesnymous · · Score: 1

      I think Quora was created by a former Facebook employee. It's not worth creating an account. It's just another Yahoo Answers with hardly any useful content.

    7. Re:The site annoyingly makes you create an account by dkman · · Score: 1

      Thank you for answering my question, "What is Quora and why would they have my information?"

      --
      I refuse to sign
  2. Encrypted passwords? by viperidaenz · · Score: 1

    I hope not. That implies they're not one-way hashed and if they've stolen the encryption key too, they can obtain the actual password.
    That would be an amateur security mistake on Quora's part.

    1. Re:Encrypted passwords? by mattyj · · Score: 1

      I'd posit that a mistake that's already exposed that much data, undetected until now, is an amateur security mistake. If they get the data and the key, that's more like infantile.

    2. Re:Encrypted passwords? by Dunbal · · Score: 1

      That implies they're not one-way hashed

      _strrev() is an awesome password "hashing" function!

      --
      Seven puppies were harmed during the making of this post.
    3. Re:Encrypted passwords? by Dilly+Dilly! · · Score: 1

      It's possible that the term "encrypted" is being used loosely to encompass the process of salting and hashing passwords.

      For users, the problem is that it's hard to know whether any particular site is using good security practices to keep data secure. I use a password manager (mSecure) that runs locally on my phone, and generate unique random passwords for each site. That way, a breach like this wouldn't allow my data to be compromised on other sites, where I might have reused the password. I don't upload the data from mSecure anywhere, though I keep backups on SD cards. The data and backups are stored with 256-bit Blowfish encryption and a unique passphrase. I know, there's a single point of failure, where all my passwords are stored in one place and protected by a single passphrase, and phones aren't particularly secure. But if I moved the password manager to a laptop or desktop computer, I wouldn't as readily have access to my passwords when I need them. It's relatively convenient, simple to use, and it seems better than many of the alternatives.

      Unfortunately, there's no way for a user to know which sites are secure. It seems like everything should be treated as highly vulnerable, and users should protect themselves accordingly.
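
The distinction this sub-thread turns on, reversible encryption versus salted one-way hashing, as an added example that is not part of any comment or of Quora's code. The SHA-256 keystream stands in for a real cipher, and the function names, PBKDF2 work factor and sample passwords are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: a stand-in for a real cipher, illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt_password(key: bytes, password: str) -> tuple[bytes, bytes]:
    """Reversible storage: anyone holding `key` can undo this."""
    nonce, data = os.urandom(16), password.encode()
    stream = _keystream(key, nonce, len(data))
    return nonce, bytes(a ^ b for a, b in zip(data, stream))


def decrypt_password(key: bytes, record: tuple[bytes, bytes]) -> str:
    nonce, ct = record
    stream = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream)).decode()


def hash_password(password: str) -> tuple[bytes, bytes]:
    """One-way storage: a fresh random salt per user, then a slow KDF."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_password(password: str, record: tuple[bytes, bytes]) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def demo() -> dict:
    password, key = "correct horse battery", os.urandom(32)  # constructed sample
    enc, h1, h2 = encrypt_password(key, password), hash_password(password), hash_password(password)
    return {
        "recovered_with_key": decrypt_password(key, enc),   # plaintext comes back
        "login_ok": verify_password(password, h1),
        "wrong_guess_ok": verify_password("letmein", h1),
        "same_password_same_hash": h1[1] == h2[1],          # salts make these differ
    }


if __name__ == "__main__":
    print(demo())
```

A stolen table of salted hashes still allows offline guessing of each password, which is why the key-derivation function is deliberately slow.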

    4. Re:Encrypted passwords? by gander666 · · Score: 1

      Well, seeing how reliable their service is (not very), this wouldn't surprise me.

      --
      Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
    5. Re: Encrypted passwords? by Anonymous Coward · · Score: 0

      Great until you lose your phone.

  3. Bugmenot by Anonymous Coward · · Score: 0

    Amusingly filtered as a "hacking site" at work, but essential for getting around the web without exposing any more than I have to.

  4. Another data breach by BringsApples · · Score: 4, Insightful

    So many data breaches lately, makes me wonder if eventually everyone's data will be worthless. And then what??? Most of the propellant of today's society has to do with gathering personal data. If personal data turns out to be worthless, we're talking a shit-storm of problems for a society that's built around it.

    --
    Politics; n. : A religion whereby man is god.
    1. Re:Another data breach by Dixie_Flatline · · Score: 1

      I personally *try* to make sure my data is worthless. I mean, they know I like math and science questions, but that's hardly news. I lie about nearly everything personal they ask me; I just make sure my age is over 18. I use a shitty password because I couldn't care less if they crack it and use it to log onto some other shitty site where I have a forum account or something. Personal questions? I tell them that I grew up on Dingleberry street, and my first pet was named "flame retardant banana". (Note: I made those answers up on the spot. See how easy it is?)

      The trick is to know what information is worth caring about. Lie as much as possible on the internet. Nobody needs to know your real birthday except your Mom and the government.

    2. Re:Another data breach by Anonymous Coward · · Score: 0

      "If personal data turns out to be worthless, we're talking a shit-storm of problems for a society that's built around it."
      We're talking a shitstorm of problems for those who insist a society be built around it.

      Sucks, doesn't it?

    3. Re:Another data breach by grep+-v+'.*'+* · · Score: 1

      If personal data turns out to be worthless, we're talking a shit-storm of problems for a society that's built around it.

      TULIPS! Get your freshly harvested tulip bulbs here! Tulips! Only one per house, that's the price!

      Link (How Much: at the peak of the market, a person could trade a single tulip for an entire estate, and, at the bottom, one tulip was the price of a common onion.)

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    4. Re:Another data breach by Anonymous Coward · · Score: 1

      The data breaches are largely the flip-side of hiring cheap developers. What goes around comes around etc.

  5. /. Bug Alert by hcs_$reboot · · Score: 0

    Moderated "Encrypted passwords" below +1, then entered the parent comment as AC, and now 1) cannot mod anymore 2) the mod I made earlier below disappeared ...

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:/. Bug Alert by Anonymous Coward · · Score: 0

      If you comment on a discussion, your mods are undone and you can no longer moderate that story. This is to prevent various shenanigans.

    2. Re: /. Bug Alert by Anonymous Coward · · Score: 0

      Arguably, this isn't a bug. Users aren't supposed to be posting and moderating in the same article. If that happens to prevent users from posting anonymously in the same article they've moderated in, I fail to see the problem.

      There are far more annoying bugs, including lots of broken links in various user pages, and the mobile interface is awful.

      The giant ASCII art swastikas tend to be posted by accounts that have terrible karma, and therefore post automatically at -1. The mobile interface shows these posts as having scores of +1 instead of -1, so they don't get filtered if I browse at 0 or 1. The karma bonus also doesn't affect comment scores in the mobile version.

      In the desktop version, when you click the username of the accounts posting the ASCII art swastikas (e.g., NAZI KKK Revival), the links are broken. I don't know how to access those user pages at all from the desktop version of the site.

      Slashdot is pretty broken in lots of ways. What you're describing seems like a low priority, and might actually be in line with the intent of preventing users from moderating and posting in the same story.

    3. Re:/. Bug Alert by Dunbal · · Score: 1

      This is by design, not a bug.

      --
      Seven puppies were harmed during the making of this post.
    4. Re:/. Bug Alert by hcs_$reboot · · Score: 1

      Been here long enough... I posted my parent account with my nickname AFTER the bug appeared!
      1. Moderated +1
      2. Commented as AC
      3. At that time, the mod point disappeared and couldn't mod the story anymore
      4. Then posted with my nickname to describe the bug!
      Guys you're so condescending!

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  6. What? by Anonymous Coward · · Score: 0

    "Quora, founded by former Facebook employees, is a website where users can ask questions in hopes of getting information or advice from other members."

    It's one of those "ask yahoo" clones, right? It wouldn't let me see anything without logging in, so I left.

    1. Re:What? by ElizabethGreene · · Score: 1

      It's an order of magnitude better than Yahoo Answers. You still have the occasional buffoon, but the signal to noise ratio is excellent.

  7. Well... by The+Grim+Reefer · · Score: 5, Funny

    Information sharing website Quora has announced a data breach

    TFS says it's an information sharing site.

  8. WHAAAT? by Anonymous Coward · · Score: 0

    People are upset that an information sharing service shared their information?

  9. I am sure there is a Quora article on ... by 140Mandak262Jamuna · · Score: 1

    ... How to guard against hackers.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  10. It wasn’t really a breach. by Hallux-F-Sinister · · Score: 2

    Someone just went on Quora, and asked the community, “what would it be like if a file containing all of Quora’s user data were on my computer?” and one of the moderators answered.

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
  11. Quora’s Worthless Anyway by Anonymous Coward · · Score: 0

    It’s stuffed to the gills with worthless spam questions, like “Is there a comprehensive list of commercial cheese-straightening companies?”, followed by a line of almost identical responses with extremely high ratings.

    Basically, Amazon ratings with a snooty attitude.

    1. Re:Quora’s Worthless Anyway by Anonymous Coward · · Score: 0

      It’s stuffed to the gills with worthless spam questions, like “Is there a comprehensive list of commercial cheese-straightening companies?”, followed by a line of almost identical responses with extremely high ratings.

      Basically, Amazon ratings with a snooty attitude.

      And also what appears to be junior high school math homework questions.
      Another thing is that in the military section there are these lengthy stories that "my grandfather/uncle told me" that all sound like they were written by the same British guy.

  12. Ooh no, I have an account by Anonymous Coward · · Score: 0

    Ooh wait, that was one of my fake accounts made with a spare email.

    Best security practice I've seen is to not be myself wherever I can, then I don't have to care if they leak.

  13. Cloud not if hacked but when hacked by Anonymous Coward · · Score: 0

    Cloud data
      - not if your data is going to be stolen
      - It's when your data will be stolen

  14. Hahaha!! Stupid fucks!!! by Anonymous Coward · · Score: 0

    So glad I never signed up for an account on that garbage website

  15. quora.com: roll the dice and see what comes up by BlackOverflow · · Score: 1

    When I want highly questionable answers from completely unknown sources, quora.com is my go-to place!

    1. Re:quora.com: roll the dice and see what comes up by Anonymous Coward · · Score: 0

      IKR?!?! They're the most competition Wikipedia has ever had!!

  16. 100 Million Users? by Anonymous Coward · · Score: 0

    The fucking piece of shit site has 100 million users? Why?

    Fuck them. I hope they go out of business. They can't take that shit site off the web soon enough for me.