Question-and-answer website Quora says it was impacted by a security breach which may have exposed the personal data of as many as 100 million of its users.
Adam D'Angelo, the site’s CEO and co-founder, said Quora discovered late last week that one of its systems had been hacked by “a malicious third party.”
“On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems,” D’Angelo said in a blog post. “We're still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us.”
Information possibly compromised in the breach includes users' names, email addresses, and encrypted passwords, as well as data from social networks like Facebook and Twitter (in cases where people linked them to their Quora accounts).
The unauthorized parties also obtained details about users' activity on the platform, such as questions, answers, upvotes, and downvotes. However, anything posted anonymously wasn’t involved in the breach.
"The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious," D'Angelo said. “While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.”
Notifying affected users
Quora is now contacting the users whose data may have been compromised. Those users will be logged out and asked to reset their passwords. Those who reuse the same password across multiple sites are urged to change their password on those sites as well.
"It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers," Quora said. "We believe we've identified the root cause and taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements.”
The site’s security breach comes just days after another massive breach. Last week, Marriott admitted that its reservation system had been hacked, potentially exposing the user information from 500 million of its Starwood guests.