Approximately 100 million users of Quora on Monday may have had their data accessed following an unauthorised access to one of Quora’s systems by a “malicious third party,” the knowledge-sharing/question-and-answer website announced.
Account information including name, email address, encrypted password and data imported from linked networks when authorised by users may have been compromised, it said.
The company said it is logging out all Quora users who may have been affected to prevent further damage. Users will receive more information from the company via email.
Quora is a question-and-answer website where questions are asked, answered, edited, and organized by its community of users in the form of opinions. Its publisher, Quora Inc., is based in Mountain View, California. The company was founded in June 2009, and the website was made available to the public on June 21, 2010
Quora also suggested users change their passwords. “We are in the process of notifying users whose data has been compromised,” Quora CEO Adam D’Angelo said in a blog post.
In its email to users, Quora said, “We’ve included more detailed information about more specific questions you may have in our help centre, which you can find here.”
“While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so. The breach, discovered on 30 November, also affected public content and actions, and non-public content and actions. The company said not all Quora users were affected, and some were impacted more than others,” it stated.
Quora said the unauthorised access did not affect question and answers that were written anonymously, the company said, adding that it has also notified law enforcement officials.
The company is investigating the causes and said that in addition to the work being conducted by its internal security teams, it has retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.
Large-scale data breaches have been an unfortunately common occurrence in the last few years, as huge databases of information built up over years and years gets breached and hackers are able to retrieve large amounts of data.