Tuesday, December 04, 2018

Quora has large data breach, but it is unlikely to harm many users



Quora, a site that poses questions which users can answer, has reported a hack of over 100 million users from authorized access that occurred Friday Nov. 30.

Motherboard Vice reports in a story here by Joseph Cox. 

CEO Adam D’Angelo, 34, has written an official statement here

The passwords stolen were encrypted, which should make it harder to misuse, especially with a huge number of them.  Site speakers who had used the same pw’s for other accounts should change these.

But the stolen email addresses may make phishing spam more frequent (and I’m wondering if somehow that accounts for the Apple spam I got last week).


When I went back into it this morning, it invited me to sign on with Facebook (which is probably also not the best security now, given what happened this year).

Most users are not likely to have placed other PII or non-public material on this site.

The site keeps track of subject matter preferences.  I see a lot of questions about USCF chess ratings. 
  
CERT has just reported several industrial espionage trojans which I’ll have to get back to later.

Sunday, December 02, 2018

I install a legitimate iPhone app, and get a suspicious email



On Thursday, I installed the Smart News app on my iPhone.  It is true that I had to look around for the right Apple password, as I had not used it for a while.

I later got this bizarre email (shown) from a spammer saying my account was “signed on with another device”.  That may be OK, but not the sender address of “account.mail.verify.complite”.  What’s going on?

In the past I’ve gotten bogus Apple emails claiming credit card transactions in Indonesia and Belarus for materials I never bought.  And no credit card transactions ever appeared.