On Tuesday the 4th of December, a few of the RiskLogic team members received the same email from the internet’s 94th ranked website, Quora.
“We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorised access to our systems by a malicious third party.”
Quora is a website you “probably didn’t know you had an account for”. It is an extremely active community of questions and answers supplied solely by its users. Strategically placed ads provide the website's revenue, while people from Gary V to David Beckham have contributed to its content.
With 100 million users, this is a great target for would-be hackers. Account names, email addresses and encrypted passwords were taken by the hackers on Friday 30th November.
Influencers, organisations and brands rely on websites like Quora to repost their content. This goes towards Search Engine Optimisation (SEO) as well as building a credible brand. Quora has confirmed that as part of this attack, many posts and answers have in fact been “affected”.
Beyond the loss of this information, the Q&A giant now faces serious reputational impacts with major contributors to its site. We’re yet to see how they’re going to handle this outside their social and email communications.
A vast majority of publications are now promoting steps on how to delete your Quora account, noting that many users have to sign up to view answers. This will likely have a big impact on the shareholders.
What they did right
It’s easy to criticise organisations that lose your data. However, Quora and their CEO, Adam D’Angelo, acted quickly and were the first to notify their users and the public, avoiding assumptions and incorrect media attention.
An email communication was sent to users stating: “It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust”.
Of course, others didn’t see it that way.
Quora also created a help-desk and support centre for their users, one that hosts information on what to do next, live updates on any hacking information and advice on this unique event.
This online support centre supposedly went live within the hour of the hack. This means the team likely had processes and plans in place for this very event – a good sign in the grand scheme of things.
Why you need to be concerned
This hack comes only days after Marriott Hotel announced 500 million of its guests’ details had been stolen, potentially including their passport details. To add, two months ago Facebook announced their biggest hack to date: 29 million accounts.
As expected, cyber attacks are on the rise at this time of year. While you prepare to close the office and head off with your families, hackers are preparing to find more holes in systems. Many organisations will not know they’ve been a target until days, even weeks, after the event.
As we step into a new year, more than ever, we must prepare for the worst and hope for the best.
What you can do now
The simple but often forgotten task is to replace your passwords. Like your toothbrush, passwords should be changed seasonally at a minimum. Think about a complicated password that you will remember, for example:
Jack and Jill went up the hill to fetch water
*please don’t use this password!
Another easy step is to email your IT team and have them confirm that updates to all organisational systems and firewalls have been completed. Get them to show you and the CEO proof.
Whatever you do, know that cyber attacks are still here, they’re not going anywhere and if anything, will only get more severe in nature. Being aware, resilient and a tough organisation to breach is the first step.
If you’re unsure or need more advice on this, we have plenty of programs that assist organisations around the world on cybersecurity. To add, we also have a professionally trained team on standby to support you.