Quora says 100 million users hit by security breach

On December 4, question-and-answer website “Quora” reported unauthorized access to one of its systems by a “malicious third party”, which compromised the personal data of nearly 100 million users.

Quora’s CEO Adam D’Angelo said, “We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”

The data allegedly compromised includes: Account and user information (name, email, IP, user ID, encrypted password, user account settings, personalization data); Public actions and content, including drafts (questions, answers, comments, blog posts, upvotes); Data imported from linked networks when authorized by users (contacts, demographic information, interests, access tokens [now invalidated]); Non-public actions (answer requests, downvotes, thanks); and Non-public content (direct messages, suggested edits).

In this regard, in order to prevent any additional damage, Quora stated that it is now logging out all users who may have been affected, and if they use a password as their authentication method, Quora is invalidating their passwords.

D’Angelo said, "The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious... We are in the process of notifying users whose data has been compromised.”

According to Quora, the data breach did not affect questions and answers that are written anonymously because it does not store the identities of people who make anonymous postings. The firm has, however, informed the law enforcement officials of the issue. Quora added, “We have retained a leading digital forensics and security firm to assist us.”

Subsequently, D'Angelo said, "We believe we've identified the root cause and taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements."