Hacker-Powered Security for Startups
You are laser-focused on building the best product, and growing fast without sacrificing quality. But growth can be crippled if customers sense a risk to their data. Learn how hyper-growth organizations like Sumo Logic, Flexport, and Alien Vault are accelerating innovation without compromising their product or security.
The personal data of some 100 million people who have used Quora, a popular question and answer website, has been compromised, the company disclosed Monday.
"We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party," wrote Quora CEO Adam D'Angelo in an online post.
"We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future," he added.
The intrusion -- which was discovered Friday, D'Angelo noted -- placed the following information of Quora users at risk:
- Account information, such as name, email address, hashed password and data imported from linked networks when authorized by users;
- Public content and actions, such as questions, answers, comments and "upvotes"; and
- Non-public content and actions, such as answer requests, downvotes and direct messages.
The First Commercial VR Devices – The EyePhone Head-Mounted Displays. In the late 1960s, the virtual and augmented reality terms were coined, describing the field of technology we know today. This also encompassed the appearance of two of the very first commercial virtual reality devices in the 1980s in the face of the EyePhone 1 and the EyePhone HRX. Developed by VPL research, a company by Jaron Lanier, the devices were extremely expensive, costing as much as $9,400 for the 1 version and $49,000 for the HRX. Customers could also buy gloves that costed $9,000. While the devices didn’t really take off, which is understanding, having in mind their price, they were a major step forward in the development of virtual reality haptics and virtual reality goggles and head-mounted displays.
"It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers," states a response on the company's FAQ page.
Compared to other large data breaches -- such as the breach at the Marriott hotel chain last week, which affected some 500 million customers and enabled intruders to steal credit card numbers, dates of birth and passport numbers -- the Quora attack is relatively mild, said Ted Rossman, an industry analyst with Creditcards.com in Austin, Texas.
"The Quora breach seems more contained," he told TechNewsWorld. "It was information that was already public or things that are not that sensitive, like email addresses."
The risk for most Quora users isn't that severe, remarked Paul Bischoff, privacy advocate at Comparitech , a reviews, advice and information website focused on consumer security products.
"However, the small portion of users who utilized Quora's direct messaging platform might have exposed private information sent to other users," Bischoff added.
"As we saw with the Cambridge Analytica fiasco, access to personal likes, tastes, and other preferences can be used against individuals," Javvad Malik, a security advocate at AlienVault , a threat intelligence company in San Mateo, California, told TechNewsWorld.
Chilling Effect on Sharing
Theft of data at the site also could have other consequences for Quora.
The U.S. Government Loves VR. Both NASA and the U.S. military are investing in virtual reality. NASA uses the technology to try to connect engineers with the devices they send into space. Using the Oculus, and motion sensing equipment from the Xbox One gaming console, NASA engineers are developing ways to control a robotic arm with gestures made by the operator here on Earth. The military uses VR to recruit and to train soldiers before they are deployed. The simulated scenarios provide opportunities for teams to work together in immersive, realistic environments to better prepare them for the chaos of combat.
"Since this is a knowledge-sharing platform, one of the risks of an incident like this is it could deter people from engaging in that kind of activity, which is productive and useful," said Thomas Jackson, chair of the technology practice group at Phillips Nizer , a law firm in New York City.
"Breaches like the one at Marriott put clients at risk because so much customer data is exposed," he told TechNewsWorld. "In the Quora case, the main issue is going to be the willingness of inviduals to contribute going forward. Will it have a negative effect on postings and new signups?"
Once a breach occurs, the damage is done and there's no taking it back, added Bischoff.
They'll be running Windows XP, and Windows XP will be end-of-life support by year three." In fact, the regulatory process that new connected medical devices must go through is so lengthy -- understandably so -- that they typically are years behind modern security trends by the time they hit the market, as security researcher and I Am The Cavalry cofounder Beau Woods pointed out.
Leveraging Social Media Logins
"People need to make sure their Google and Facebook profiles contain a minimal amount of personal information," he told TechNewsWorld. "For example, neither service needs to know your exact date of birth to provide you with services."
The most useful information stolen by the cybercriminals likely will be a massive list of valid email addresses, Hahad said.
"Hackers will often turn around and sell this data on the underground market," he explained. "Typical buyers are those that run spam platforms that cater to people trying to push products or build botnets."
The Virtuality Group Arcade Machine Experiences. The 1990s saw huge developments in virtual reality. With the rise of the arcades and arcade games, it was only a matter of time, before developers started coming up with new and exciting concepts and ideas. A company known as The Virtuality Group was at the cutting edge of virtual reality, launching a wide range of arcade games and machines that let either one or a couple of players immerse themselves into amazing 3D visual experiences. This happened in 1991, a year before the movie The Lawnmower Man further introduced the Virtual Reality concept to a wider audience of people.
What's a Consumer to Do?
Consumers concerned about the risks posed to them by the Quora breach can take a number of steps to protect themselves.
"They should decouple their Quora accounts from other platforms," recommended Mike Bittner, digital security and operations manager at The Media Trust , a website and mobile application security company in McLean, Virginia.
"It's common for attackers to sweep other consumer platforms to test credentials they just stole," he told TechNewsWorld.
Quora users also should be on the lookout for increased phishing and other attacks,he advised, as the black hats might have enough information to craft specially targeted ploys.
More of the Same in the Future
Until the Quora and Marriott attacks, 2018 was shaping up to be a down year for breaches, with 670 million records lost, compared to 1.58 billion in 2017, noted Terry Ray, CTO of Imperva , a web application firewall maker in Redwood City, California.
"Now, with two back-to-back major breaches compromising roughly 600 million total accounts, 2018 is in striking distance of matching or exceeding last year," he told TechNewsWorld.
The future doesn't look bright, unless you're a data thief.
"All companies, regardless of size, should expect to be targeted by attackers and prepare themselves by knowing all the third parties they work with," The Media Trust's Bittner warned.
Virtual Reality is expected to reach $34 billion by 2023 according to Markets and Markets and a combined total of $94 Billion including augmented reality by 2023.
"Attacks are not a matter of if, but when," he added.
"Until companies can adequately protect their customers, this trend will not slow down, and the prognosis will not trend positively," Carder predicted.
"I thought the Equifax breach last year -- where they let 150 million accounts slip out the cracks -- would be a tipping point," said Creditcards.com's Rossman, "but a year, later very little has changed. It's up to us to protect ourselves."