100 million Quora users' data leaked in breach.
On November 30th, Quora discovered that some of its users' data was compromised by a third party that gained unauthorized access to one of its systems. Hackers may have accessed the following user information:
- Account details such as name, email address, encrypted password, and data imported from linked networks.
- Public content and actions, i.e. questions, answers, comments, and upvotes.
- Non-public content and actions, i.e. answer requests, downvotes, and direct messages.
- Advertiser account details like campaign structure and setup as well as ad information like budget, schedule, bids, and targeting.
What did Quora do once it detected the attack?
As soon as the breach was identified, Quora's security team began its investigation into the cause of the attack. Besides that, Quora has hired a leading digital forensics and security firm to assist with the investigation. Quora assured users that the questions and answers that were written anonymously were not affected by the breach, since the identities of users who posts anonymous content are not saved.
Quora has notified all impacted users via email. As an additional security measure, the company has logged out all users who may have been affected and invalidated their passwords. Quora has confirmed that it is taking appropriate steps to improve its security, and the company has also notified law enforcement.
Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.
How can ManageEngine help you in such situations?
Log360, our comprehensive SIEM solution, can help your organization:
- Detect cross-site scripting (XSS) attacks, malicious file installation, DoS attacks, SQL injection, and more with its real-time correlation engine and threat intelligence capability. The solution also notifies you instantly about attempted and successful attacks, and provides detailed investigation reports to prevent future attacks.
- Spot potential intrusions or unauthorized network access attempts by correlating log data with the global IP threat database and STIX/TAXII threat feed processor.
- Detect potential insider threats with the user behavior analytics engine powered by machine learning, which creates a baseline of normal activities that are specific to each user and only notifies security personnel when there is a deviation from this norm.
- Monitor user activity within a database; account and permission changes in database
Get started with Log360.
Latest Ransomware attacks
Latest Data breach attacks
Latest Email Phishing attacks
Latest DoS and DDoS attacks
Latest Brute force attack
Latest Advanced persistent threat (APT)