Up to 100 million Quora user accounts have been compromised after hackers breached the systems of the question-and-answer website.
Quora CEO Adam D’Angelo revealed in a blog post that the company discovered “some user data was compromised as a result of unauthorised access to one of our systems by a malicious third party”.
The information exposed could include names, email addresses, encrypted passwords, data from linked social networks, and questions, answers, comments and votes on the site.
D’Angelo said that Quora was notifying users whose data has been compromised, logging out all Quora users who may have been affected and invalidating their passwords if used as their authentication method. The company is continuing to investigate the precise causes of the breach and has retained a digital forensics and security firm to assist.
Nominet CTO Simon McCalla gave Quora credit for their rapid response.
‘The data leaked included email addresses, user IDs, direct messages, public forum information and encrypted passwords. And while Quora has recommended that users do change their passwords, the fact they were encrypted means the fallout from this breach could be less impactful than others,” he said.
“That said, Quora has shown good practice by reporting the breach and contacting users in timely fashion in the aftermath of the breach. This would suggest their internal security measures are well monitored and well operated. The fact they keep passwords encrypted also helps protect users should the worst happen. Of course, users of Quora should change their password for complete peace of mind but in this case, Quora’s proactive attitude to dealing with the breach will minimise the damage.”