Massive data breach at Quora

Quora was affected by unauthorized access to one of its systems

In a blog post titled "Quora Security Update", the site revealed that the data of approximately 100 million users may have been compromised as a result of unauthorised access to its systems on Friday.

Quora said, in a statement emailed to members, that they are now investigating exactly how the breach occurred.

Account information, including names, email addresses, encrypted passwords and data imported from linked networks when authorized by users may have been compromised, it said.

So a lot of users who've tried to read one Quora forum that one time only to be prompted to log in have probably never thought about their accounts again - until an email about a hack turned up in their inbox.

Non-public content could have also been accessed, such as answer requests, downvotes, and direct messages.

Quora said it's in the process of notifying all users who it believes were impacted by the hack. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

But don't worry, your identity probably won't be stolen because Quora doesn't collect sensitive personal information like credit card or social security numbers. Quora only described the attackers as a "malicious third party", although they have also mentioned that they've "identified the root cause".

While the passwords were hashed with a unique salt for each Quora user, d'Angelo advised those who had re-used credentials across multiple services to change them as best practice.

To combat this breach, Quora logged all users out, and forced all accounts using a password as authentication to reset it.

"While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company".

Related:

Comments


Other news