Quora, a question and answer providing site on Tuesday reported that “It site was affected with a massive data breach which disclosed the account information of 100 million users.”
In a blog post, Adam D’Angelo CEO of Quora said: “The company on Friday, has discovered the unauthorized access through the third party on our systems, which affected some users data.”
The blog post stated that “Its internal security teams and leading digital forensics and security firms are investigating the actual cause of the breach.” The company has also said that it has notified the Law enforcement officials regarding this.
We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority. Read more here: https://t.co/uwbdMjoM1v
— Quora (@Quora) December 3, 2018
The company also stated that “We believe that we have identified the root cause of the breach and also taken steps to address the issue although our investigation is ongoing and we’ll continue to make security improvements.”
The company said that “It has started notifying users whose data was compromised and logging out all Quora users who may have been affected as a security precaution.
— Troy Hunt (@troyhunt) December 4, 2018
According to Quora, the following user data may have access:
- Account and user information, e.g., name, email, IP, user ID, encrypted password, user account settings, personalization data
- Public actions and content including drafts, e.g., questions, answers, comments, blog posts, upvotes
- Data imported from linked networks when authorized by you, e.g., contacts, demographic information, interests, access tokens (now invalidated)
- Non-public actions, e.g., answer requests, downvotes, thanks
- Non-public content, e.g. direct messages, suggested edits.