Question and answer site Quora announced a data breach that affected about 100 million users’ accounts. The hacked information included names, email addresses, and encrypted passwords. While most people who participate in online discussion via the platform may establish an account, anyone who has posted through Quora anonymously does not need to worry about their name getting “out there” since they never provided it.
Names, email addresses, and Quora passwords might not seem like a big deal to some users. After all, the company discovered the breach on November 30th and has already begun issuing notification letters. They’ve also forced a reset of all account passwords, so everything should be fine.
Unless… unless you’re one of the incredibly high numbers of people—52%, in fact—who reuses their passwords on multiple websites.
For years, security experts have tracked the use of “popular” passwords, and have found bizarrely simple passwords to be the most popular. These include things like “password,” “123456,” and “QWERTY,” just to name a few. But password strength—or lack thereof—isn’t really the problem in this case.
With the Quora breach, it doesn’t matter how amazing your password is, like “h2E9Nb17LW.” If you reuse that same password on any other website on the web, the hackers who have your Quora email and password have those same credentials to try on other sites. Hopefully, your online banking, credit card, PayPal, Amazon, and other vital accounts aren’t connected to those credentials this way.
This incident and so many others that only affect login credentials can be mistaken for being “not a big deal,” but the reality is just the opposite. When web users reuse their credentials like this, they leave themselves vulnerable to other account breaches and identity theft. It’s essential to create a strong password for every account you have, but it’s equally important to keep each strong password limited to one account.