Security News

More data breaches: this time at Quora and 1-800-Flowers

Avast Security News Team, 4 December 2018

Are you one of the 100 million victims? Take these precautions just in case and look out for phishing emails.

Another day, another data breach. Two, actually.

The Canadian branch of popular gift chain 1-800-Flowers reported this week that malware on their website has been skimming user info and credit card numbers for, remarkably, four years. It seems the data-stealing malware has been active on the website from August 15, 2014 through September 15, 2018. The information siphoned seems to be everything a criminal would need to fraudulently use the credit cards — names, card numbers, expiration dates, and security codes. The mail-order flower company has not yet divulged how many users were affected.

Question-and-answer website Quora reported a data breach of their own yesterday, and they did divulge the number of victims — some 100 million users. In their blog post about the breach, the company reports that “user data was compromised by a third party.” Among the data in question is account info for hacked users including account names, account activity, and public content posted. Passwords were also compromised, though they were still encrypted (hashed). Avast Security Evangelist Luis Corrons warns that even though the passwords were hashed, they still pose a threat. “If you have used Quora, then you should change your password immediately,” he advises. “Your new password should be strong and contain a variety of characters and numbers. If the old password has been used for any other accounts, such as email, it should also be changed there.”

When changing passwords, be sure you follow the best practices for creating strong logins and uncrackable passwords. This includes enabling 2-factor authentication (2FA) when it is available. Also, save yourself the headache of remembering every login credential by using a password manager, which stores and remembers multiple passwords for multiple accounts.

“Given email addresses have been compromised,” Luis continues, “people are at a greater risk of phishing attacks. Consumers should be on their guard.”

To prevent yourself from becoming a victim of a phishing attack, Avast recommends the following:

  1. Look at the sender’s address carefully — Scammers are usually the ones with email addresses that have nothing to do with the company it claims to be, though phishing attacks are becoming harder to spot as attackers use new technologies to personalize emails, employing information that people share about themselves online.

  2. Do not click, download, or reply — If the email looks suspicious, even though it claims to come from a person or institution you know, do not click any links, download any attachments, or reply to the email. Instead, type the URL of the website in question directly into your browser’s address bar.

  3. Question all “too good to be true” offers — Phishing emails will try to bait you with attractive offers. Use common sense to figure out if it’s too good to be true. Also, make sure you have a strong antivirus installed that can detect and block phishing attacks before they cause any damage.

  4. Question fearmongering emails — The other tactic phishing emails use is fearmongering. They will try to scare you into rash action by falsely reporting that your account has been locked, there are charges that you didn’t make, or that there’s been suspicious activity you need to check. It’s all an attempt to get you to click the supplied links or unwittingly enter your login credentials on a phony page. Don’t fall for it!  


    Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN

    Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.