Breach Brief – Quora, Jared & Kay Jewelers
Question and answer website Quora reported that it got hit by a data breach affecting 100 million users.
Quora reported that it discovered unauthorized access by a malicious third party on Friday. The company is investigating the exact cause of the breach in cooperation with a digital forensics firm and law enforcement.
Compromised user information includes names, email addresses, encrypted passwords and data imported by users from linked networks.
In a statement, Quora representatives said, “The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.”
Affected users have been logged out, with a forced password reset for those who chose this as their authentication method.
Kay and Jared Jewelers
If you’re shopping for diamonds this holiday season, you need to know that Kay and Jared Jewelers have suffered a data breach. Signet Jewelers, owner of Jared and Kay Jewelers, announced that it has repaired a massive data breach that allowed anyone to view the order information of other customers. This information included home addresses and the last four digits of a purchaser’s credit card, according to KrebsOnSecurity.com.
The issue was discovered by web designer Brandon Sheehy in November.
According to Sheehy, he modified the link in the confirmation email just slightly and pasted it into a web browser. The result was that he could see other customers’ orders. Sheehy claimed the action revealed the customer’s name, shipping and billing address, phone number, email address, all items and total amounts, the delivery date, the tracking link and the last four digits of the customer’s credit card number.
Sheehy reported the issue to Signet Jewelers, requesting that they fix it. But according to Sheehy, he could still see the information weeks later.
Signet Chief Information Officer Scott Lancaster said the company fixed the issue for all future orders, but the issue was not fixed for past orders until recently.
“When a customer first brought this matter to our attention in early November, we fixed it for all new orders going forward,” Lancaster said. “But we didn’t notice at the time that this applied to all past orders as well as future orders.”
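The flaw Sheehy described, an order page that trusts whatever identifier appears in the emailed link, can be closed by binding each link to its order with a server-side signature. The sketch below is an added example, not Signet's code or its actual fix; the URL layout, function names, key and order records are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed sample records (not real customer data): order id -> details.
ORDERS = {
    "100041": {"email": "alice@example.com", "last4": "4242"},
    "100042": {"email": "bob@example.com", "last4": "1881"},
}

# Assumption: a secret held only by the server and used to sign order links.
LINK_KEY = b"constructed-demo-key"


def sign_order_id(order_id: str) -> str:
    """HMAC-SHA256 tag that ties a link to exactly one order id."""
    return hmac.new(LINK_KEY, order_id.encode(), hashlib.sha256).hexdigest()


def confirmation_link(order_id: str) -> str:
    """Link placed in the confirmation email (hypothetical URL layout)."""
    return f"/orders/view?id={order_id}&sig={sign_order_id(order_id)}"


def view_order_unchecked(order_id: str):
    """Flawed lookup: any id supplied in the URL returns that order."""
    return ORDERS.get(order_id)


def view_order_checked(url: str):
    """Hardened lookup: return the order only if the signature matches the id."""
    query = parse_qs(urlsplit(url).query)
    order_id = query.get("id", [""])[0]
    sig = query.get("sig", [""])[0]
    expected = sign_order_id(order_id)
    # Constant-time comparison; an edited id no longer matches its signature.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return ORDERS.get(order_id)


if __name__ == "__main__":
    link = confirmation_link("100041")
    print(view_order_checked(link))                                   # own order
    print(view_order_checked(link.replace("id=100041", "id=100042")))  # rejected
```

A signed link is still a bearer credential, so where customers have accounts the order page should also confirm that the logged-in user owns the order. Applying the check at lookup time covers past and future orders alike.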