Users of question-and-answer website Quora are being told to urgently change their passwords following a data breach that affected around half of its userbase, around 100 million accounts.
The news arrived through email on Tuesday (Dec 4th 2018) this week announcing user data had been obtained by “a third party”.
While the security investigation is on-going, Quora claim they know the root issue that led to the breach and are working on fixing it. However the data that was stolen from their website, which includes usernames, email addresses and encrypted passwords, is now out there on the Internet, and could be sold to scammers.
As an inevitable security step, Quora has invalidated the passwords of affected users, who will be logged out of the website and forced to change their password.
However, as is always the case with these sizeable data breaches, the issue isn’t necessarily with crooks accessing a victim’s Quora account, (the stolen passwords have been invalidated, after all) rather it’s with crooks taking advantage of people’s tendencies to reuse the same passwords and email/username combinations across different websites.
Sponsored Content. Continued below...
Meaning if crooks manage to decrypt the stolen password and pair them with their respective usernames and emails, crooks are likely to try those credentials on other services including Facebook, PayPal and email accounts.
Two ways to prevent this type of thing from happening is…
– Don’t use the same passwords across different websites, and if you do reuse your Quora password elsewhere, change it now.
– Always enable two-factor authentication when possible. This way, even if the crooks did get the right password and email for another account, they still can’t access it.
Sponsored Content. Continued below...
Another concern is that crooks may use your leaked email and password to try and initiate convincing email scams. In the scam emails, crooks will reveal your leaked password to make their email appear convincing, and then go on to try and lure you into sending them money.
One popular example of that in 2018 is trying to trick recipients into thinking they’ve been caught watching adult content through their device’s webcam, along with an extortion attempt to force them into sending money or risk having the compromising footage released to their friends and family.
The bottom line, however, is that if you use Quora, regardless of whether you got an email like the one above, make sure you’re no longer using that password. Anywhere on the Internet.
Thanks for reading, we hope this article helped, but before you leave us for greener pastures, please help us out.
We're hoping to be totally ad-free by 2025 - after all, no one likes online adverts, and all they do is get in the way and slow everything down. But of course we still have fees and costs to pay, so please, please consider becoming a Facebook supporter! It costs only 0.99p (~$1.30) a month (you can stop at any time) and ensures we can still keep posting Cybersecurity themed content to help keep our communities safe and scam-free. You can subscribe here
Remember, we're active on social media - so follow us on Facebook, Bluesky, Instagram and X