Hackers attack Quora: data of 100 million users stolen

The Quora platform suffered a cyberattack that exposed the credentials of 100 million users. Quora is a platform similar to Yahoo! Answers that connects people who have a question with people who might be able to answer it; the platform says it has 300 million users. The company explained that the attack will not be underestimated and that every affected user will receive an email with details and advice on securing their profile.
The attackers were able to access information such as email addresses and passwords, as well as personal data in cases where a user had signed up using an existing social network account.

Quora's blog post

We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.

We also want to be as transparent as possible without compromising our security systems or the steps we’re taking, and in this post we’ll share what happened, what information was involved, what we’re doing, and what you can do.

We’re very sorry for any concern or inconvenience this may cause.

What happened

On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.

While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.

What information was involved

For approximately 100 million Quora users, the following information may have been compromised:

Account information, e.g. name, email address, encrypted password (hashed using bcrypt with a salt that varies for each user), data imported from linked networks when authorized by users
Public content and actions, e.g. questions, answers, comments, upvotes
Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.

What we are doing

While our investigation continues, we’re taking additional steps to improve our security:

We’re in the process of notifying users whose data has been compromised.
Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.

We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.

What you can do

We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.

If you were affected, we will update you with relevant details via email.
