The World’s most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorised access to potentially sensitive personal information of about 100 million of its users.
Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorised access to one of its systems and stole data on approximately 100 million users—that’s almost half of its entire user base.
According to Adam D’Angelo, the chief executive officer and co-founder of Quora, the personal user information compromised in the breach includes:
- Account information, such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorised by users.
- Public content and actions, like questions, answers, comments, and upvotes.
- Non-public content and actions, including answer requests, downvotes, direct and messages (note that a low percentage of Quora users have sent or received such messages).
Quora said it stores salted and hashed passwords to prevent them from cracking, but as a precaution, the company has logged all compromised users out of their Quora accounts, and forcing them to reset their passwords.
Quora said it is still investigating the breach and assured its users that it working rapidly to “take the appropriate steps to prevent such incidents in the future.”
“We’re still investigating the precise causes, and in addition to the work being conducted by our internal security teams, we have retained leading digital forensics and security firm to assist us. We have also notified law enforcement officials,” Adam said in a blog post.
Quora is notifying affected users of the breach through emails, but if you think you are compromised, you can head on to the company’s FAQ to find out every detail about the incident.
images from Hacker News