How Quora Handled Their Data Breach

Written: December 3, 2018

Literally every week we read online about yet another data breach at a company that we trusted to protect our login credentials, name, address, phone number, and possibly our very sensitive credit card information. Today I received one of these “I’m sorry” email messages from a company called Quora, which provides a place to raise and answer questions on any topic. I think that Quora did a decent job of alerting me, so I’m including their full email below:

Dear Daniel Payne,

We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.


What Happened
On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.


While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.

What information was involved

The following information of yours may have been compromised:

  • Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
  • Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
  • Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

What we are doing
While our investigation continues, we’re taking additional steps to improve our security:

We’re in the process of notifying users whose data has been compromised.

Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.

We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.

We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.


What you can do
We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.


While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.

Conclusion
It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.

The Quora Team

So, I was able to reset my password pretty quickly:

Then I could choose my new password:

I don’t like having my private data breached, but it looks like Quora spotted the trouble, communicated what I should do, and let me quickly change my password to regain a secure identity. Well done Quora.
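The email's two technical points, a password "hashed with a salt that varies for each user" and the containment step of logging users out and invalidating passwords, are sketched below as an added example; this is not Quora's code. The PBKDF2 algorithm and its work factor, the in-memory `USERS` store, and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # illustrative PBKDF2 work factor (assumption)
USERS = {}             # constructed in-memory account store

def derive(password: str, salt: bytes) -> bytes:
    # Slow, salted key derivation; the salt is stored next to the hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(user: str, password: str) -> None:
    salt = secrets.token_bytes(16)  # fresh random salt for each user
    rec = USERS.setdefault(user, {"sessions": set()})
    rec.update(salt=salt, pw_hash=derive(password, salt), must_reset=False)

def login(user: str, password: str):
    rec = USERS.get(user)
    if rec is None or rec["must_reset"]:
        return None  # invalidated passwords never authenticate
    if not hmac.compare_digest(derive(password, rec["salt"]), rec["pw_hash"]):
        return None
    token = secrets.token_urlsafe(32)
    rec["sessions"].add(token)
    return token

def session_valid(user: str, token: str) -> bool:
    return token in USERS.get(user, {}).get("sessions", set())

def contain_breach(affected) -> None:
    # Log out every session and force a reset.
    for user in affected:
        rec = USERS[user]
        rec["sessions"].clear()
        rec["pw_hash"] = None
        rec["must_reset"] = True

if __name__ == "__main__":
    set_password("alice", "same-password")
    set_password("bob", "same-password")
    print(USERS["alice"]["pw_hash"] != USERS["bob"]["pw_hash"])
    token = login("alice", "same-password")
    contain_breach(["alice"])
    print(session_valid("alice", token), login("alice", "same-password"))
```

Because each user has a different salt, two accounts with the same password store different hashes, so a stolen table cannot be attacked with one precomputed lookup. Anyone who reused that password elsewhere is still exposed if it is guessed, which is why the email recommends changing reused passwords.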

New Website for Local Author

Written: November 23, 2018

I first met Kathryn at a Tualatin Chamber of Commerce networking event and then helped develop a consulting business web site for her. Just recently the purpose of the site was changed to become an author site, so I created a totally new look and replaced all of the content. Here’s the new Home page:

KD Scott, home

It’s popular now to have your Home page use a banner image that fits the entire web browser width. The photograph in the banner helps to create a mood, then the opening text on top of the photograph has a READ MORE button as a compelling event for visitors to click.

Mobile browsing is always important, and this site is responsive and it looks great on a mobile device:

KD Scott, mobile

The Contact page lets a visitor fill out a form, then sends an email to the owner, all without revealing the owner's email address. It’s a best practice on the web to never publish your email address, because that allows spammers to harvest your address and quickly add it to their lists for unwanted email messages.

KD Scott, contact

We used WordPress, so the owner can log in and maintain their own site without always having to ask a web developer like me to make updates.

New Artist Website Remodel

Written: November 16, 2018

Art and technology go together, and if you love viewing oil paintings then please browse the newly remodeled site for Anna Lancaster. She came to me looking to refresh the look of her website and gain the control to make all of her own changes, instead of having to always contact a vendor to make changes. Anna wanted the Home page to have a slideshow with larger images, then thumbnails to show off the different categories of her work.

Anna Lancaster, home page

Home Page

The header of each page includes social media icons for Facebook, Twitter, Instagram and LinkedIn. When you click on one of the thumbnails it brings you to a Gallery page that uses a masonry style where each image fits into a column and has a title:

Anna Lancaster, gallery

Gallery

Clicking on a gallery thumbnail brings up a full-size painting with more details about it:

Anna Lancaster, painting details

Painting Details

To see more full-size paintings just click the Left or Right arrows. To stop looking at a full-size image click the X in the upper right corner.

Anna writes blog posts that include some of the locations that she paints from and her philosophy of painting.

Anna Lancaster, blog post

Blog Post

The site even looks great on a mobile device like your smart phone where you just have to scroll up and down to view the artwork:

Anna Lancaster, mobile

Mobile

The site is easy to update using any web browser: you log in to a WordPress account, and WordPress is a free Content Management System.

So if you're looking for some artwork to place in your home or office, then give Anna’s site a look, then contact her or the gallery to get pricing information.

Dear Retailers – Please Check Your Review Systems

Written: November 11, 2018

It’s popular with online retail shops to offer their buyers a review section, written by real customers so that I can decide if the product is a good fit for me or not before the purchase. Today I received an email from Performance Bicycle, and they requested that I review a recent purchase of cycling gloves.

Review Request

OK, that sounded reasonable, so I clicked the Green Button and went through an entire page of questions to get my review all ready to publish, but then, uh oh. The dreaded error message from their web site that wouldn’t accept my review:

Web Failure

So here we have the classic Catch-22. A company wants my review, I comply, but their system isn’t even working, so they get no review.

I would expect that a large, public company like Performance Bicycle would have a web development team that not only does development but also tests their own system, but not in this case. The frustration on my part is large enough that I will now avoid their store altogether, and just shop at Western Bike Works, River City Bicycles, Lakeside Bikes or Bike Tires Direct.

So the moral of the story is, build a web site, then test your own web site before your customers do. That way your customers are happy and return.
