Casa > cibernético Notícias > Quora Hacked: Hackers ter acesso a servidores de banco de dados interno

Quora Hacked: Hackers ter acesso a servidores de banco de dados interno

Quora enviou notificações para todos os seus usuários notificando-os de que foi violado. De acordo com as informações recebidas, um hacker de desconhecidos ou coletiva era capaz de acessar seu banco de dados de dados de usuário na sexta-feira (novembro 30). An investigation has started to find out how this has happened and to remedy any possible Quora security issues.

Quora Users Data Hijacked: What We know So Far

The news about the Quora incident was spread to users of the service by email. The email alert is titled Quora Security Update and it contains information about the intrusion. The information reads that the company has uncovered the incident recently and they are currently investigating the breach. On Friday security specialists from Quora detected that user data was acquired by an unauthorized third party who was able to gain access to their internal database servers. Upon detection of this, they took steps in order to remedy the identified weaknesses.

The following information has been compromised:

  • Account and user information, por exemplo. nome, o email, IP, ID do usuário, encrypted password, user account settings, personalization data
  • Public actions and content including drafts, por exemplo. questões, answers, comentários, blog posts, upvotes
  • Data imported from linked networks when authorized by you, por exemplo. Contatos, informação demográfica, interesses, access tokens (now invalidated)
  • Non-public actions, por exemplo. answer requests, downvotes, obrigado

The service does not store any identity information of anonymous Quora users, this means that those that write without being registered in the system should not worry about their private data. Quora is gradually identifying which users have been affected and are notifying them through email messages. Further steps that have been taken as a precaution is the force log out of all potentially affected users. Through a mandatory password reset they login credentials will be changed to disallow abuse in the future. This will lead to the practice of changing username and password combinations in regular periods in order to prevent abuse of leaked credentials.

relacionado: [wplinkpreview url =””]500 Milhões de clientes afetados por do Marriott Breach Starwood Dados

Quora Advertiser Accounts Are Also Affected

Individual user accounts were not the only ones that are affected. We received reports of advertiser account holders who have also been breached. The following information was accessed on their end:

  • Account information available on the Ads Manager account settings page
  • The email address provided for notifications about your ad campaigns
  • Campaign structure and setup, including information like budgets, schedule, bids, targeting, and ad information
  • Notifications that were in your Ads Manager, such as ad paused, logo approved, and ad ready
  • Audience setup information available on the Ads Manager audience page such as types and creation date
  • Partial credit card information, including name, data de validade, and the last four digits of the credit card

Quora specifically mentions that sensitive data such as payment card details and log files are not affected. The company states that they have found a possible cause of intrusion however the investigation is still ongoing and not concluded. All Quora user passwords are individually hashed and encrypted which provides a certain sense of comfort. However the best security practices still recommend that a password should not be reused across multiple services.


Martin Beltov

Martin formou-se na publicação da Universidade de Sofia. Como a segurança cibernética entusiasta ele gosta de escrever sobre as ameaças mais recentes e mecanismos de invasão.

mais Posts

Me siga:

2 Comentários
  1. AvatarDelores J. Ryan

    My account at Insight Credit Union was charged $39.99 by this latest attack and am writing to ask how I get refund to my account. I purchased a n NFL Jersey, which I never received.

    1. AvatarMartin Beltov (pós autor)

      Hey Delores,

      Unfortunately it may be possible that you have purchased an item from a fraud merchant. You can talk with your bank about voiding the transactions.


Deixe uma resposta para Delores J. Ryan Cancelar resposta

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar