The Q&A site Quora has revealed that the data of nearly 100 million users has been compromised due to a recent security breach. And that, is roughly one third of its active users. “A malicious third party” has gained “unauthorized access to one of our systems,” the post on the site’s blog read.

Quora is a site that was co-found by Adam D’Angelo eight years ago, who is currently the CEO of the site. It allows members as well as anonymous users to ask and answer each other’s questions.

After what happened, Quora had immediately taken steps to minimize the damage that could further be caused by emailing the 100 million users explaining the issue and asking them to reset the account passwords as well as to change the passwords of other sites in case they are using the same password that they have set for Quora for those sites as well.

“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility.” D’Angelo wrote. They had contacted law enforcement and retained a forensics and security team to assist investigation, he further said.

The company revealed that account information and private messages of the hacked accounts are compromised, which includes,

  • Name, email address, encrypted password, data imported from linked networks if authorized by users
  • Public content and actions (questions, answers, comments, upvotes etc.)
  • Non-public content and actions (answer requests, downvotes, direct messages),

and excludes anonymously asked and answered questions. The site assures users that it’s highly unlikely that the incident will cause identity theft, as they do not collect any sensitive personal information like credit card or social security numbers.

The site believes that it has identified the root cause and they had taken steps to address the situation. “We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again.”


Sources: USA Today, The NewYork Times