The latest victims to a large scale security breach this week are users of Quora. The intrusion may have been ongoing over several weeks/months before being detected/announced exposing logins, email addresses, account settings, public and non-public content and actions as well as data imported from linked networks of 100 million users. Quora’s CEO, Adam D’Angelo, announced the breach on Monday and gave insight on the company’s plan of action to include a thorough investigation and tiered outreach to affected users.
An apology in the form of an alarming email, blog article, FAQ, logging out users and ongoing investigation is in place. Whether you’re a frequenter of the popular question and answer site or not, this should serve as a friendly reminder to minimize the personal impact you may face from this breach. Below are a few things we recommend to get started.
Change your password
If you’re a culprit of using a single password across multiple sites, STOP. With so many headliners of massive cyberattacks, password security shouldn’t be an afterthought or rather a reaction post-attack. Consider a routine workflow similar to that of your work environment e.g. changing your password every 90 days. However, if you find it daunting to concoct yet another password, we would suggest using a password manager such as Lastpass or Sticky Password. These are two that offer two factor authentication. To the best of our knowledge, Quora does not offer two factor authentication.
Create a password recovery email
Next, if this isn’t a part of your routine, consider dedicating an email address strictly for password recovery. In the event of Quora’s or any other entity’s malicious attacks, having a B-side account can be a life-saver. Just like a singular password, a singular email for all online accounts simply makes the hacker’s job easier.
Consider closing accounts
Out of habit, it’s tough to resist signing up for online services to stay in the know. Some services will be utilized more than other. Then some are simply forgotten about. For the latter two, this recent breach may be a good reason to deactivate those accounts. In doing so, you’re not necessarily immune, but will certainly lessen the chances of your data being compromised.
Quora’s data breach follows Dell and Marriott for large scale attacks as of late. In this day and age, we can no longer delegate the responsibility of security to the companies we interact with, as it seems that there is no entity immune to a cyber attack. While it is impossible for organization to prevent breaches even with the best controls in place, we, as users, must protect ourselves.