Skip to main content

Quora hit by data breach affecting around 100 million users

Quora has been targeted by hackers in a data breach affecting around 100 million of its users.

The Mountain View, California-based company that operates a question-and-answer website said on Monday, December 3 that it recently discovered unauthorized access to its computer systems.

Recommended Videos

Data that “may have been compromised” includes account information such as names, email addresses, and encrypted (hashed) passwords. It also includes non-public content and actions; for example, answer requests, downvotes, and direct messages, though Quora says that only a “low percentage” of its users have ever sent or received such messages. Other stolen data may include records of public content and actions such as posted questions, answers, comments, and upvotes.

Please enable Javascript to view this content

In a message on its website, the company explained that while the stolen passwords shouldn’t be decipherable, as a precautionary measure, users should change the password of other online services if it’s the same one that’s used with their Quora account.

The company was keen to point out that the “overwhelming majority of the content accessed was already public on Quora,” but admitted that “the compromise of account and other private information is serious.”

Quora said it’s “working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future,” adding that it was sorry for any inconvenience caused.

For more information on the Quora breach, check out its specially setup help page.

Contacting affected users

Quora is in the process of emailing affected users with “relevant details,” though recipients of any emails purporting to come from Quora should be cautious about clicking on links within the message in case cybercriminals attempt to exploit the hack with their own phishing attacks.

As its investigation continues, Quora said it’s already taking steps to improve its security.

“Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords,” it said.

The company believes it has identified the root cause of the breach and has already taken steps to address it, but added that “our investigation is ongoing and we’ll continue to make security improvements.”

“We need to work very hard to make sure this does not happen again,” Quora wrote in its post. “We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”

The troubling incident comes just days after hotel giant Marriott revealed a hack affecting as many as 500 million of its customers, and a week after computer company Dell said it spotted an effort by cybercriminals to access its servers, though it declined to say how many of its customers may have been affected.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Chrome extensions with 1.4M users may have stolen your data
Google Chrome icon in mac dock.

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Read more
A data breach can cost millions of dollars — and you might be paying it
A dark mystery hand typing on a laptop computer at night.

According to a recent report from IBM Security, data breach costs are constantly on the rise. Unfortunately, this spells bad news not just for the companies involved, but also for the customers -- in more ways than one.

The report, which states that an average data breach is now estimated to cost $4.4 million, exposes the fact that the skyrocketing costs of data breaches directly affect the prices paid by the end customer.

Read more
Personal data of 69 million Neopets users is now up for sale after a data breach
Person typing on a computer keyboard.

Neopets, an aged website that lets users keep virtual pets and take care of them, just suffered a major data breach. Aside from the personal data of over 69 million users, the hacker was able to obtain the website's source code.

This isn't the first time Neopets has faced a massive leak, but this time around, user data is currently being sold for crypto -- and the leak includes more than just usernames and passwords.

Read more