What is a Quora bot
Hackers copy data from 100 million users of the Quora question portal
The operators of the question portal Quroa are currently warning around 100 million users via email that unknown attackers have successfully attacked the website and had access to various user data. Quora claims to have discovered the incident last Friday.
A warning from the Quora officials indicates that the intruders were able to copy direct messages, email addresses, comments and passwords, among other things. Credit card details and anonymously written posts should not be affected by the incident. The full extent is currently unclear and investigations are ongoing.
At Quora you can ask questions of all kinds, which the community answers. You can also subscribe to users and follow topics. The information service has existed since 2009.
Password protection unclear
The website operators ensure that passwords are protected on the servers (hash plus salt). However, it is currently unclear which hash function is used to treat the data. A response to the request from heise security is still pending.
If the MD5 method, which has long been considered unsafe, were to be used without Salt, the attackers could in most cases reconstruct the captured passwords in a comparatively short time. It remains to be hoped that a method that is currently considered secure, such as bcrypt, will be used to protect the data more effectively against brute force attacks.
For security reasons, Quora has invalidated passwords and logged users out. Anyone who uses the service must assign a new password the next time they log in. If the compromised password is also used in other online services, it should also be changed there.
How the attackers got into the system has not yet been clarified. Law enforcement and forensic and security firms are currently working on the incident.
[UPDATE, 04.12.2018 10:30 am]
The mails to affected users show that the passwords are hashed with Salt on the servers. Body text is adapted.
[UPDATE, 12/12/2018 9:00 a.m.]
A Quora spokesman informed us that the passwords are protected with the bcrypt method plus salt. According to what we know today, this is considered certain.
- What is hate speech
- Which state has the highest power of arms?
- How does SpaceX sell itself to NASA
- How is dementia diagnosed in the elderly
- How has Bitcoin affected other cryptocurrencies?
- What is the best route to tour Myanmar
- What makes a good Quora answer
- What is epidemic dropsy
- What are some narcissistic adult children
- Amazon Alexa speaks Spanish
- Are aliens really present on earth?
- Where to find online is Houston's Chamber of Commerce
- Should I leave London?
- Is Middle Eastern food healthy?
- Is 2 divided by infinite zero
- What foods increase iron
- What do traders mean as mathematical knowledge
- What is good pay in Singapore
- Can diabetics drink buttermilk?
- There were Indo-Europeans
- Tapporo is a dependable option to earn money
- What are some examples of important statistics
- What do you think of unexplained sterility
- How impressive is a doctor
- Poor people in America are unhappy
- Do you ever get angry about your parents?
- What are some good books on permutations
- How much does a 1968 D penny cost
- How does melanoma spread
- Was Snape a traitor?
- Why is Mecca so important to Muslims
- Can you be happy without having a choice?
- What do cricket fans think of baseball?
- Is it worth it to learn the German language