Quora mega breach affected almost half of the site’s total userbase

quora breach affected 100m users

Quora, on Monday, notified users of a cybersecurity breach in which hackers gained access to personal data of as many as 100 million accounts. Quora is one of the largest question-and-answer portals on the Internet.

The stolen data included users’ names, email addresses, and encrypted passwords as well as imported data such as contacts and demographic information from social networks like Facebook and Twitter if users chose to link them to their Quora accounts. “The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” Quora CEO Adam D’Angelo wrote in a blog post announcing the breach. Quora is also sending out emails to affected users.

Some private actions on the site like requests for answers, downvotes, and direct messages may have been compromised as well, informed the company. However, anonymously written questions and answers were not affected by the breach – as Quora says it does not store identifiable information for those posts.

The service has logged out all affected users and invalidated the old passwords. Users who chose the same password to protect accounts across multiple services were requested to change their passwords in all while updating Quora’s.

The company reportedly hires a digital forensics firm to investigate on the matter."We believe we've identified the root cause and taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements," the CEO said.