Quora said today that a security breach may have compromised data from about 100 million users. In an email sent to users today and a blog post by CEO Adam D’Angelo, the company said a “malicious third party” gained unauthorized access to Quora’s systems on Friday. Its internal security teams and a “leading digital forensics and security firm” are currently investigating the breach. Law enforcement officials have also been notified.
The social platform said late Monday that the account information and private messages of around 100 million users may have been exposed when its computer systems were compromised by “a malicious third party.” Quora discovered the data breach on Friday, the company’s chief executive, Adam D’Angelo, wrote in a blog post, and it is still investigating how it happened.
The company believes it has identified the root cause of the breach and “taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.” Quora also added that anonymous questions and answers were not affected by the breach because it does not store the identities of people who make anonymous postings.
The company is currently notifying users whose data was compromised and, as a security precaution, logging out all Quora users who may have been affected. It is also invalidating their passwords if they used one. Quora has also set up a FAQ about the breach.
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility,” Mr. D’Angelo wrote.
The company noted that the incident was unlikely to result in identity theft, as the site does not collect sensitive information such as credit card or social security numbers.
Still, coming less than a week after the hotel chain Marriott announced that hackers had stolen the personal data of up to 500 million guests, the incident serves as another reminder that a vast and expanding swath of our lives is vulnerable to digital intrusion.
In another article on its help center, Quora said “it is confident that no partner’s financial information has been compromised.” Some access tokens associated with Stripe, the payment processing service used by the company, were “temporarily compromised,” but Quora confirmed with Stripe that no access tokens have been used since the incident and no financial information was breached.
All users with Stripe accounts have also had their access tokens reset. “We are confident that no personal financial information that was accessible through Stripe has been compromised. Furthermore, no personal financial information is currently vulnerable,” Quora said.
User data that has been accessed:
- Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
- Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
- Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
- Non-public actions, e.g. answer requests, downvotes, thanks
- Non-public content, e.g. direct messages, suggested edits
What is Quora:
Quora is a question-and-answer website where questions are asked, answered, edited, and organized by its community of users in the form of opinions. Its publisher, Quora Inc., is based in Mountain View, California. The company was founded in June 2009, and the website was made available to the public on June 21, 2010. Users can collaborate by editing questions and suggesting edits to answers that have been submitted by other users. Users on Quora are known for writing long, blog post-like answers.