Quora reports data breach affecting 100 million users

December 7, 2018 by Jim Puzzanghera
Credit: CC0 Public Domain

Quora, a question-and-answer website, has reported a data breach affecting about 100 million users.

In a blog post, Chief Executive Adam D'Angelo said user account information such as user names, email addresses, encrypted passwords and data imported from linked networks "may have been compromised."

Users' histories—including public questions and answers, as well as comments and votes, along with nonpublic actions such as answer requests and direct messages—also might have been compromised.

"We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future," D'Angelo wrote Monday night. "It is our responsibility to make sure things like this don't happen, and we failed to meet that responsibility."

A privately held company founded in 2009 and based in Mountain View, Calif., Quora says its mission "is to share and grow the world's knowledge." Users can pose questions on the site about a variety of issues, and other users can answer them. In September, Quora reported it had surpassed 300 million unique visitors a month.

The "is nothing like" the massive one announced Friday by Marriott International Inc. but it still raises concerns, said Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest group.

The Marriott breach lasted four years and compromised the information of as many as 500 million of its hotel guests worldwide. For about 327 million, the stolen data may have included important personal information such as birth dates and passport numbers. Dixon said that type of data made the breach much more significant than Quora's, which did not include such information.

"The main issue here is going to be phishing," Dixon said of Quora's breach. Phishing emails seek to trick a person into clicking on a link that allows the scammer to get personal information or puts malware programs on the person's computer.

The phishing potential could be significant if data that Quora imported from other networks included things like contact lists or full Facebook profiles. Quora did not specify the type of involved.

"This is just a really great reminder for everyone that if you're going to chat on or any other websites, it's a great idea to have a throwaway email not connected to your work and not your primary personal email," Dixon said. "It just makes all the sense in the world to not make it your favorite email. If it's hacked, you delete it."

Quora discovered Friday that a "malicious third party" had gained unauthorized access to one of its systems. "We're very sorry for any concern or inconvenience this may cause," D'Angelo said.

The company is still investigating the incident and has "retained a leading digital forensics and security firm to assist us," he said.

Quora is notifying users whose data have been compromised, logging them out of the site and invalidating their passwords.

"While the passwords were encrypted ... it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so," D'Angelo said.

Explore further: The Marriott breach compared with past security breakdowns

Related Stories

The Marriott breach compared with past security breakdowns

November 30, 2018

Marriott's revelation that as many as 500 million guests may have been affected by a data breach at Starwood hotels, which it bought two years ago, ranks among the largest hacks ever. It is not clear if some of those included ...

So you stayed at a Starwood hotel: Tips on data breach

November 30, 2018

If you stayed at one of Marriott's Starwood hotels in recent years, hackers might have information on your address, credit card and even your passport. Some of this can be used for identity theft, as hackers create bank and ...

Password breach spreads beyond LinkedIn

June 7, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network.

Recommended for you

Privacy becomes a selling point at tech show

January 7, 2019

Apple is not among the exhibitors at the 2019 Consumer Electronics Show, but that didn't prevent the iPhone maker from sending a message to attendees on a large billboard.

China's Huawei unveils chip for global big data market

January 7, 2019

Huawei Technologies Ltd. showed off a new processor chip for data centers and cloud computing Monday, expanding into new and growing markets despite Western warnings the company might be a security risk.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.