1

Today, I read this article that said that some hacker stole personal information of 100 million users of Quora — which allegedly is half of the total user base of Quora. This is kind of like when Facebook users' data got stolen a couple of years ago.

I have used Quora for maybe 3 years. I know that our information got stolen. But what is the big problem about that? There is no big change in my life. And (maybe) so for other people.

I am not that paranoid about the security awareness, so I don't know what is so dangerous about this kind of accident. Is the theft of personal information really such a bad accident?

Rodrigo de Azevedo
  • 242
  • 2
  • 13
gagantous
  • 193
  • 12
  • 6
    If you were having a conversation in the quiet corner of a coffee shop, you might not think it so bad if someone overheard you. If you thought the conversation was private and someone recorded it and shared it with others, you might not feel the same way. Privacy is not always about keeping secrets. It's about choosing who is entitled to listen to you speak or know who you are speaking with. – nbering Dec 08 '18 at 00:45
  • 1
    Is your password not something you consider sensitive? – forest Dec 08 '18 at 03:36

3 Answers3

6

Putting privacy concerns aside (as it sounds like you don't particularly care), having detailed personal information about you makes at least four things easier:

  1. Identity theft, opening new accounts in your name with your money and/or credit on the line
  2. Guessing password reset/security questions or impersonating you to customer service, to take over your accounts
  3. Crafting targeted phishing emails (a.k.a. "spear phishing")
  4. Blackmail/harassment/threats
Ben
  • 3,846
  • 1
  • 9
  • 22
2

The "big deal" is that personal information that was knowingly shared with and entrusted to Quora by consenting individuals was compromised and obtained illegally by a third party. Obviously, the individuals affected did not consent to this and, at least for a time, were completely unaware that their data entrusted to Quora was hacked.

As touched on by Ben, the potential for malicious use of the personal data is a very big deal.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
Jeff
  • 137
  • 2
  • please do not use posts for personal rants or for swearing. Additionally grammar and formatting are important here - excessive use of CAPS is not helpful. Please read [answer] for more guidance. – Rory Alsop Dec 08 '18 at 11:38
  • @Rory Alsop: Apologies for the language. However, the OP is asking what the big problem is with this particular data breach. The issue of privacy certainly has important subjective issues that relate directly to the question, "what's the big deal?" Six or eight caoitalized words out of 500 is hardly excessive nor an egregious error in structure of a written piece. Italicized would be completely allowable in even the most formal of writings and suggest an editor lean toward that sort of structural change as opposed to complete removal. Despite popular tech opinion, all caps is not yelling. – Jeff Dec 08 '18 at 12:11
  • Hi Jeff - I'll reiterate. We don't do that here. Our guidance/rules are very straightforward. Thanks. – Rory Alsop Dec 08 '18 at 12:27
  • @Jeff Just put one sentence in bold as a header, for example: **Yes, it is a big deal.** – forest Dec 08 '18 at 12:47
  • I downvoted this because it doesn't really explain why this is a problem. Just having something taken without my consent isn't *automatically* a cause for concern. For example, many people don't care if someone "steals" their garbage, as long as they don't make a mess of it. – user253751 Oct 23 '19 at 14:44
2

Not familiar with Quora in particular, but here's some bad things that can happend in general:

  • You could suffer monetary loss, e.g. if credit card info was stolen.
  • Your online identity could be connected to your offline identity. If you didn't want people to know what you have been writing or doing online, this can be a problem.
  • Information you thought were private (e.g. private messages, emails) could suddenly become public.
  • Your password could be exposed. If you reuse your password (still, lots of people do) other accounts could be breached as well. So a leak from a completely boring site without any interesting at all could suddenly cascade into other areas.
  • Leaked information could be used to impersonate you, e.g. to answer security questions to take over other accounts.
  • Leaked information could be used in spear phishing attacks against you, where you are fooled to believe the attacker is legitimate because she seems to know so much about you.

How severe the conseguenses are can wary from case to case. The infamous Ashley Madison leak lead to divorces and suicides. If you live in a country like China, having your political views exposed could land you in prison. But even the breach of a more innocent site like Quora could have unexpected and hard to predict consequences because of things like password reuse.

So if you have been reusing any password you ever used on Quora, I would change those right away.

Anders
  • 64,406
  • 24
  • 178
  • 215