Quora has been targeted by hackers in a data breach affecting around 100 million of its users.
The Mountain View, California-based company that operates a question-and-answer website said on Monday, December 3 that it recently discovered unauthorized access to its computer systems.
Data that “may have been compromised” includes account information such as names, email addresses, and encrypted (hashed) passwords. It also includes non-public content and actions; for example, answer requests, downvotes, and direct messages, though Quora says that only a “low percentage” of its users have ever sent or received such messages. Other stolen data may include records of public content and actions such as posted questions, answers, comments, and upvotes.
In a message on its website, the company explained that while the stolen passwords shouldn’t be decipherable, users should, as a precautionary measure, change their password on any other online service where they use the same one as on their Quora account.
The company was keen to point out that the “overwhelming majority of the content accessed was already public on Quora,” but admitted that “the compromise of account and other private information is serious.”
Quora said it’s “working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future,” adding that it was sorry for any inconvenience caused.
For more information on the Quora breach, check out its specially set up help page.
Contacting affected users
Quora is in the process of emailing affected users with “relevant details,” though recipients of any emails purporting to come from Quora should be cautious about clicking on links within the message in case cybercriminals attempt to exploit the hack with their own phishing attacks.
As its investigation continues, Quora said it’s already taking steps to improve its security.
“Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords,” it said.
The company believes it has identified the root cause of the breach and has already taken steps to address it, but added that “our investigation is ongoing and we’ll continue to make security improvements.”
“We need to work very hard to make sure this does not happen again,” Quora wrote in its post. “We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”
The troubling incident comes just days after hotel giant Marriott revealed a hack affecting as many as 500 million of its customers, and a week after computer company Dell said it spotted an effort by cybercriminals to access its servers, though it declined to say how many of its customers may have been affected.