- Quora reports a security breach affecting 100 million of its users, which took place on November 30.
- Stolen data include usernames, passwords, and user activity on the platform.
- Affected users will have to create new passwords in order to log back in to their accounts.
Adam D’Angelo, CEO of Quora, has written a blog post to inform the Quora user base that some of their data was compromised after a malicious third party gained unauthorized access to the company's database on November 30. In an effort to stay transparent and honest, Quora’s leader included key information on what happened in the post, while the internal investigation that will yield more accurate results is still ongoing.
The data that was “hijacked” concerns about 100 million Quora users. It includes names and emails, encrypted passwords, and all of the users' public content and actions on the platform. Even upvotes/downvotes and direct private messages sent or received are included in the leak. Of course, all of the publicly available data was already open to anyone, but sharing a categorized collection of “who posted what” is a serious problem. Anonymous posts on Quora that are not linked to any accounts in the database were not jeopardized, as nothing gets stored, so that’s one category that got away this time.
As the investigation into how the breach happened is still underway, Quora is taking a couple of additional steps to strengthen its security policy. All of the users who have been affected by the breach will be notified via email and logged out of the Quora platform automatically. Their current passwords will be invalidated and they will be prompted to create a new password. Although the compromised passwords are hashed, users will be required to use an entirely new password, since hash leakage is not entirely out of the question right now. Further investigation will reveal whether the attackers got hold of any backups that would help them get access to the hashed passwords.