Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Quora data breach leaks 100m user details - Expert comment from UK cyber skills lab

December 2018 by ames Hadley, CEO, Immersive Labs - a cyber skills company

Today, Q&A site Quora has announced that it was affected by a breach that has leaked the data of over 100 million users. According to the CEO, details included name, email addresses, encrypted passwords, data imported from linked networks when authorised by users, public content and actions on the platform, e.g. questions, answers, comments, upvotes and non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages). The breach was discovered on the 30th November.

James Hadley, CEO, Immersive Labs - a cyber skills company, says:

“Quora is the first port of call for many consumers online, and the fact that it has allowed such a large breach is troubling. The most alarming fact here is that it encourages its users to link their social media accounts to their profiles. This means it’s not only users’ Quora accounts that are at risk, but also their social media profiles, which may contain a plethora of information about the individual, which criminals may choose to exploit now or at a later date.

Businesses like Quora that interact directly with user data need to adhere to the strongest possible standards when it comes to online security. They must ensure that they are constantly monitoring the latest threats, and ensuring that their staff are able to defend their systems against them. The only way to do this is to make sure every member of the tech team - and indeed anyone who deals with customer data - is trained using real life scenarios based on up to date threat intelligence. Theory-based training and tick box exercises is not enough in the real world.

Criminals don’t follow the rules, and companies need to ensure their cyber training is as agile as possible in order to keep up with the ever changing threat landscape.

Failure to do so will mean that criminals keep on winning, while consumers continue to lose.”




See previous articles

    

See next articles