About 100 million users of Quora were affected by unauthorised access to one of its systems by a “malicious third party,” the knowledge-sharing website said on Monday. Account information, including name, email address, encrypted passwords and other information of users may have been compromised, it added.
The company said it is logging out all Quora users who may have been affected to prevent further damage. The breach was discovered on Friday, and it has also sent out emails to all customers earlier today.
“We are in the process of notifying users whose data has been compromised,” Quora CEO Adam D’Angelo said in a blog post.
It further notes, “On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.”
The information compromised many include name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users. It would also include any public content meaning any questions, answers, comments and upvotes shared by the user.
Other non-public content is also impacted by the breach which is answer requests, downvotes, direct messages. The company insists that only a low percentage of Quora users have sent or received such messages.
The breach does not affect question and answers that are written anonymously because Quora does not store the identities of people who post anonymous content, according to the blog.
Quora also notified law enforcement officials regarding this breach. “It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognise that in order to maintain user trust, we need to work very hard to make sure this does not happen again,” concludes the post.
The Quora Inc-owned website was founded in 2009 by D’Angelo and Charlie Cheever, two former Facebook employees.