Quora got hacked
One of the internet's biggest question and answer website, quora.com was hacked recently. They sent me an email stating that my personal data may have been compromised. The email stated:
We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.
This the standard way of saying that "Hello dear member, our system got hacked and the hacker stole your personal information you stored on our service". The email further stated:
"The following information of yours may have been compromised:
Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
Non-public actions, e.g. answer requests, downvotes, thanks
Non-public content, e.g. direct messages, suggested edits"
In other words, almost everything a user stores on Quora. But it is good that only encrypted passwords were hacked not the actual ones. Cause people often use the same password on multiple sites. Since the hacker got access to only the encrypted keys, he won't be able to view the real passwords.
If you have a Quora account, you should change your password immediately.
Hi @littleboy!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 4.093 which ranks you at #3293 across all Steem accounts.
Your rank has not changed in the last three days.
In our last Algorithmic Curation Round, consisting of 185 contributions, your post is ranked at #157.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server
Encrypted passwords can still be decrypted. It might take longer, depending on the salt, but it can still be decrypted.
I am pretty confident Quora uses proper encryption to store the passwords. So, I don't it would be that easy to crack them.
If your password is less than 30 random characters, it can be cracked in under a week. That's why salting was added to so many password databases. Rainbow tables have the hashes of every password up to, I think it's 20 characters now? So salting is a necessity to prevent massive security breaches.