After Marriot reported a massive data breach affecting hundreds of millions of its patrons, Quora is the latest to report a similar story. The QA site has confirmed today that the personal information of 100 million users has been accessed by a malicious third party.
The website said that it learned about the breach this past Friday and immediately started the investigation. The company began notifying users on Monday. The exposed data includes not only the basic account information but also passwords, private direct messages, and data imported from linked accounts.
Related Uber Continues to Screw Up – Paid Hackers $100,000 to Hide a Massive Breach That Affected 57 Million Users
“We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party,” the company said in its announcement. “We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
For approximately 100 million Quora users, the following information may have been compromised:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
Public content and actions, e.g. questions, answers, comments, upvotes- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
- Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
Since its announcement of the security breach, Quora has been facing user backlash on Twitter as in the recent months it had started to push people to create accounts to even read the content, excerpts of which will show up in search results.
Just wanted to say I would have never registered an account if your site didn’t push for it so hard.
— Geo Miller (@storesyntax) December 4, 2018
Related Remember That Mega T-Mobile Data Exposure? The Company Starts Alerting Victims of “SIM Hijacking” Attempts
One of the worst ways I’ve seen a company initially handle a breach and contact users. Even the way you told us was stupid. Get a new security team.
My account is deleted. Maybe going forward you stop forcing people to register purely to see answers, like Yahoo Answers.
— Samta Carvalho ??? (@SamCarvalho) December 4, 2018
Quora is currently advising users to reset their passwords. If you didn’t receive the email, you might be asked to change your password when you try to log in the next time, however, reset emails are taking a little time to arrive.
In the meantime, you can access all the information around this Quora hack in these FAQs.