quora | Breaking Cybersecurity News | The Hacker News

The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users—that's almost half of its entire user base. According to Adam D'Angelo, the chief executive officer and co-founder of Quora, the personal user information compromised in the breach includes: Account information , such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorized by users. Public content and actions , like questions, answers, comments, and upvotes. Non-public content and actions , including answer requests, downvotes, ...

Nobody is immune to being Hacked! After hacking Mark Zuckerberg's Twitter and Pinterest accounts, Hacking group OurMine has successfully hacked the Quora account Google CEO Sundar Pichai and then cross-posted to his Twitter account. The hack became apparent when OurMine posted messages on Quora through Pichai's account, which then appeared on his official Twitter feed late Sunday night — Thanks to the two accounts being linked. All the tweets in question have since been removed from Pichai's Twitter feed. Unlike Mark Zuckerberg, the three-man team Saudi hackers group did not use password exposed by 2012 LinkedIn data breach; rather they claimed to have discovered a vulnerability in Quora, which is a Q&A community launched in 2010. The group behind OurMine claims it is "testing security" of accounts and teaching people to secure their online accounts better. "We are just testing people security (sic), we never change their passwords, we did it...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...