Quora hack

Apparently Quora was hacked recently and its users accounts were compromised.

If I registered at Quora using my Gmail account, can I assume the latter is now compromised as well?


I suspect that Quora account usernames and passwords were hacked, but not third-party account providers, no.

  • If you created a Quora account with your username as you@gmail.com and happened to use the password for Quora that you use to log in as you@gmail.com then YES you need to change your Gmail password ASAP. And don’t ever do that again (use the same password for multiple sites). You’ll also need to update your Quora password (to something different from your new Gmail password!)

  • If you created a Quora account with you@gmail.com as your username and some different password from your you@gmail.com Gmail login, your Gmail account is fine. Update your Quora password.

  • If you created a Quora account by linking your Google or Facebook account, your username and password are stored by and protected by Google/Facebook and should be ok.

And also change all the other sites which use that same password. Hackers will often use the same login/email/pw combination to try to log into other sites which accept email addresses as a login. So not only gmail, but your passwords for your bank, credit card, etc. should also be changed if they are the same password.

NB: in this scenario, some new spammers probably have your email address - and given that they have a password you might remember, but not remember where you used it, you might get email scam messages along these lines. Safe to ignore them.

This was discussed on yesterdays Security Now podcast (starting at 49m35s). The passwords were encrypted.