New breaches put social media data in the spotlight
The recent data breach at Quora, a questions and answers website, is part of an increasing trend of major data breaches affecting large organizations with an extensive user base.
Quora in December announced on a blog post called Quora Security Update that it had identified a security breach “by a malicious third party” and confirmed “100 million users may have been compromised."
Data that may have been stolen includes name, email, encrypted passwords, and data imported from "other networks," such as phone contacts or Facebook friends. Additional details on questions asked, answers given, up votes, down votes on public and private content is also believed to have been stolen.
In the short term, the company’s reputation will be directly affected by the breach as well as consumer trust significantly diminishing. A data breach is seen as a considerable PR disaster, and companies are often too late to identify the hack and frequently respond inadequately.
Companies like Quora can expect a short term financial hit in advertising revenue, and there will also be notable costs incurred to fix the problem and train its employees for security best practices.
Firms also often need to invest in a new security vendor and a dedicated security team (penetration testers). They will be required to completely review internal processes and introduce new security measures such as behavioral detection systems through AI and machine learning mechanics.
There is a significant risk. The type of data stolen could be used to identify a person’s political, social or sexual identification, making this data breach a potential breach of sensitive personal information. It is highly likely the encrypted passwords taken can be compromised and hackers can access a user’s other online accounts, if they use the same passwords.
In the longer term, it can be argued that the trust and reputation of the organization eventually recovers, and the steps taken to mitigate the breach can help restore confidence in the company. People often forget about the security breaches of the past, and the measures put in place may help rebuild customer and advertiser relations.
Unfortunately, there is not a huge amount users can do to mitigate the fallout of a data breach. The best practice would be to recommend users change usernames and passwords for associated online accounts. Always use different and complex passwords for your accounts. Do not use dictionary words for passwords and maybe consider using a complex password generator online.