On Monday 3 December, popular question and answer website Quora announced that one of its systems was hacked, leading to the exposure of around 100 million users' data.
Quora’s security update stated:
“We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party.”
Quora first discovered the breach on Friday 30 November, after noticing users' data had been accessed by a third party. Following the discovery, the company contacted law enforcement and hired outside help in the form of a digital forensics and security consulting company. The investigation into the breach is still ongoing, and we expect that Quora will provide updates when more information becomes available.
What Data Has Been Exposed?
- Public content and actions, for example, questions posted by users, answers to questions, comments on questions and upvotes to questions
- Non-Public content and actions, for example, downvotes, answer requests and direct messages to other users.
- Account information, for example, name, email address, encrypted password, and data imported from other linked accounts during user authorization.
- No financial information has been exposed
Quora is in the process of updating the affected users; if your account was affected, you may have already received a communication.
Adding to their statement, Quora said:
“We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future. Protecting our users’ information and fostering an environment built on trust remains our top priority so that together we can continue to share and grow the world’s knowledge.”
It is not yet known how the attacker managed to gain access to the system, but the ongoing investigation should shed more light on the issue.
As a recommended next step, we urge users to change any passwords for sites that use the same password as their Quora account. Since the attacker now has access to the email address and password combinations, it is important to protect other accounts that may be targeted.