Quora hack exposes data of about 100 million users
Quora, the question-and-answer sharing website, announced yesterday that the data of about 100 million of its users was compromised as a result of unauthorized access to one of its systems by a “malicious third party”.
“We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party,” Quora CEO Adam D’Angelo said in a security update blog post. “We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials. We are notifying affected Quora users. We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future. Protecting our users’ information and fostering an environment built on trust remains our top priority so that together we can continue to share and grow the world’s knowledge.”
Quora discovered the breach on Friday, November 30, when it found that users’ data had been accessed by an unauthorized third party.
According to Quora, the following information may have been compromised:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
As a safety measure, the company is currently notifying users whose data was compromised and logging out all affected Quora users. It has also notified law enforcement officials and has retained a leading digital forensics and security firm to assist it.
Users who wrote questions and answers anonymously were not affected by this breach, as the website does not store information of people who post anonymous content. Currently, it is unknown how the attacker gained access to Quora’s systems.
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust,” D’Angelo added.
Quora has advised its users not to reuse their Quora password across multiple services, and suggested that they change it if they are doing so. We would also advise our readers to use a unique password for every site they visit to avoid becoming a victim of a data breach.