Tech Quora hacked. 100 million accounts compromised.

[AdultKing]

This seems to happen every week now.

Quote:

Quora announced tonight that one of their systems was hacked and has led to the exposure of approximately 100 million user's data to an unauthorized third-party.

https://www.bleepingcomputer.com/new...-data-exposed/

[King Mark]

That sucks. Gotta check my shit.

[VRPdommy]

Sometimes 'hacked' means someone made money for letting it happen..... LOL
Think about that.
But, as I have said for the last over 15 years, the term 'internet security' is a oxymoron.
No such thing.
You should never use the 2 words together in a sentence.
You can't begin to fix it for as long as anonymity and spam can exist.
Funny, you really can't be anonymous on the back-end, so why allow it on the front end ?
mixed feelings about all that.

[Bladewire]

↑↑↑ Truth

[Rochard]

I got an email saying my account was hacked. However, I've never heard of this company.

[Rochard]

Quote:

Originally Posted by VRPdommy

Sometimes 'hacked' means someone made money for letting it happen..... LOL
Think about that.
But, as I have said for the last over 15 years, the term 'internet security' is a oxymoron.
No such thing.
You should never use the 2 words together in a sentence.
You can't begin to fix it for as long as anonymity and spam can exist.
Funny, you really can't be anonymous on the back-end, so why allow it on the front end ?
mixed feelings about all that.

This is true. And very scary.

[ilnjscb]

No NO NO!! Now who will give pointless bullshit answers to questions!

[freecartoonporn]

please tell me they stored encrypted passwords and not in plaintext.

[CaptainHowdy]

Quote:

Originally Posted by ilnjscb

No NO NO!! Now who will give pointless bullshit answers to questions!

. . .

[CurrentlySober]

Quote:

Originally Posted by Dead Eye

Gotta check my shit.

Can I come with you and help please?

[ladida]

Nothing new here to see, move on.

[Manfap]

Quote:

Originally Posted by freecartoonporn

please tell me they stored encrypted passwords and not in plaintext.

they say they did.

'While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.'

[sleazyashell]

Quote:

Originally Posted by AdultKing

This seems to happen every week now.



*********************************

does it really matter... what personal information do we really have on quora...

[VRPdommy]

Quote:

Originally Posted by freecartoonporn

please tell me they stored encrypted passwords and not in plaintext.

If there is money involved, change your password every 12 months anyway.
Many times we do not learn of data breaches till long after the fact.
If I were working with larger amounts, I would change it every 4 months.

Never use your true birthdate where the folks you are giving it to have no real need for it.
Use the same fictitious date everywhere else so you can remember it as needed.

Use different passwords between what you use for really important stuff like banking and lame accounts like email, but keep them long and memorable in any case.

email is as important as banking cause if anyone gets a hold of your email, they may be able to change any of your other accounts without you knowing. Using cell text conformations is probably good, but I don't like it for some reason. Use both email and text if you are going to use them if you can. Having worked with voip systems the last 15 years, I don't exactly trust the full capability of the voice/data networks.

The point is, a person can pick up enough info from little pieces sprinkled around in lame sites to make everything else exposable. Limit your footprint where you can and skew data where it does not matter.

Your mothers maiden name, dob, last 4ssn can get you a full ssn. Your done !
(even less in some cases)

Facial ID is the coming thing. I don't like it either. Nor the idea we all have to give up our full biometric data to live.
Face ID, retina scan, finger print... perhaps soon DNA.
The face id goes to a larger 'track-ability' issue .

I can see the future of a insurance co raising your rates because you go in a bar or eat fast food more than twice a month etc etc etc
Until we have some really good rules on data privacy and punishment for breaching and hacks, we should not be using any biometrics for anything.
It all can be used against us in ways we have yet to see.
Who can collect it, can they store it, can they sell it... what about the hacks to it's storage.

Some large retailers have been experimenting in store with them. Almost all cams in banks and other security use have a new variety that make extracting biometric data from them easy and very accurate as those in your state BMV's/FBI data warehouses.
Facebook has been working with it for years on user photo and video even on old uploads.
That's how the FBI is finding folks so much faster from security footage and facebooks help.
...wait till those get hacked...it's only a matter of time...it may have already happened.

[Bladewire]

Each user should be paid money in the hundreds or thousands of dollars every time this happens. Information & privacy ate worth money.

[rowan]

Quote:

Originally Posted by freecartoonporn

please tell me they stored encrypted passwords and not in plaintext.

When my bank changed from a normal password field, which allowed me to enter both lower and upper case, to a "virtual" keyboard, which only allowed me to enter upper case, my mixed case password still worked when entered as all uppercase.

This suggests that the password was stored as plaintext.

Things that make you go HMMMMMM...

[rowan]

Quote:

Originally Posted by sleazyashell

does it really matter... what personal information do we really have on quora...

If people reuse passwords then an email address and password would be sufficient to access many other accounts.

Even if they use a unique password per site, other information such as security question answers or additional information like a name or DOB could help a hacker gain access to other accounts.

[bronco67]

What will be exposed? The time someone asked how to cure a cold sore in 24 hours?

[VRPdommy]

Quote:

Originally Posted by bronco67

What will be exposed? The time someone asked how to cure a cold sore in 24 hours?

I did not know what they do. never been there.
But from the sounds of it, if I can get your email/phone or ip address and what you were seeking in health query, I could sell that to pharma marketing for a high rate per unit for targeting.

They might start with that and who knows what else. But the same data might be sold to multiple buyers at different pricing. Depending on what it is and the quality/quantity,
you might be able to extract $2 per unit or more in all. Some buyers might be geo targeting for specific things and other in bulk.

The larger issue comes down to folks that collect everything to give intense info to those that will pay very high dollar for it.

Welcome to big bad data farm analytics... completely free to obtain... a little harder to sell quietly but not that hard. Everyone is willing to pay a little more for a edge.

[AdultKing]

Quote:

Originally Posted by sleazyashell

does it really matter... what personal information do we really have on quora...

A compromised account is a treasure trove of information that can be leveraged.

If you logged into Quora via Facebook the hackers will presumably have your email address, photo, posting history, IP addresses, Date of Birth, Location and so on.

If you logged into Quora via an email/password pair then the hackers will have all of the above plus security questions and answers.

This data can be leveraged to gain access to other services, online accounts and so forth. This information is also probably enough to get the ball rolling on Identity Theft.

Don't underestimate the many uses to which cybercriminals will use data, they trade it as a commodity, the use it for further attacks, identity theft, fraud the number of uses of personal data is only limited by imagination.