22 November 2018
The popular questions-and-answers website Quora is the latest victim of a massive security breach claimed to have affected about 100 million users. The confirmation of this unfortunate incident came in the form an official blog post from Quora CEO Adam D'Angelo and an alert email sent to all those users who might have been affected.
In the announcement, D'Angelo that their team has discovered unauthorized access by "a malicious third party". The security breach was discovered on last Friday where they found one of their systems was compromised. The hacker(s) got access to a variety of personal data about affected users except for the questions/answers shared anonymously. This is because Quora does not store any personally identifiable data related to anonymous content shared on the platform.
Here is the kind of data that has been affected by the breach:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Quora is working towards finding the exact cause of the breach and fixing the same. It is working with both internal and external security teams. It has already started to send alert emails to all the affected users detailing everything about the situation. It has also logged out all those users from their already signed-in devices. For those users who relied on passwords to log-in to their Quora accounts, all those passwords have been invalidated. It means those users will have to reset their passwords to use their accounts.
If you happen to be using your Quora passwords for any other service(s), it is recommended to change your password for those services too. We will keep you updated with further developments related to the matter.