Quora reports data breach affecting 100 million users

December 7, 2018 by Jim Puzzanghera
Credit: CC0 Public Domain

Quora, a question-and-answer website, has reported a data breach affecting about 100 million users.

In a blog post, Chief Executive Adam D'Angelo said user account information such as user names, email addresses, encrypted passwords and data imported from linked networks "may have been compromised."

Users' histories—including public questions and answers, as well as comments and votes, along with nonpublic actions such as answer requests and direct messages—also might have been compromised.

"We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future," D'Angelo wrote Monday night. "It is our responsibility to make sure things like this don't happen, and we failed to meet that responsibility."

A privately held company founded in 2009 and based in Mountain View, Calif., Quora says its mission "is to share and grow the world's knowledge." Users can pose questions on the site about a variety of issues, and other users can answer them. In September, Quora reported it had surpassed 300 million unique visitors a month.

The "is nothing like" the massive one announced Friday by Marriott International Inc. but it still raises concerns, said Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest group.

The Marriott breach lasted four years and compromised the information of as many as 500 million of its hotel guests worldwide. For about 327 million, the stolen data may have included important personal information such as birth dates and passport numbers. Dixon said that type of data made the breach much more significant than Quora's, which did not include such information.

"The main issue here is going to be phishing," Dixon said of Quora's breach. Phishing emails seek to trick a person into clicking on a link that allows the scammer to get personal information or puts malware programs on the person's computer.

The phishing potential could be significant if data that Quora imported from other networks included things like contact lists or full Facebook profiles. Quora did not specify the type of involved.

"This is just a really great reminder for everyone that if you're going to chat on or any other websites, it's a great idea to have a throwaway email not connected to your work and not your primary personal email," Dixon said. "It just makes all the sense in the world to not make it your favorite email. If it's hacked, you delete it."

Quora discovered Friday that a "malicious third party" had gained unauthorized access to one of its systems. "We're very sorry for any concern or inconvenience this may cause," D'Angelo said.

The company is still investigating the incident and has "retained a leading digital forensics and security firm to assist us," he said.

Quora is notifying users whose data have been compromised, logging them out of the site and invalidating their passwords.

"While the passwords were encrypted ... it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so," D'Angelo said.

Explore further: The Marriott breach compared with past security breakdowns

Related Stories

The Marriott breach compared with past security breakdowns

November 30, 2018

Marriott's revelation that as many as 500 million guests may have been affected by a data breach at Starwood hotels, which it bought two years ago, ranks among the largest hacks ever. It is not clear if some of those included ...

So you stayed at a Starwood hotel: Tips on data breach

November 30, 2018

If you stayed at one of Marriott's Starwood hotels in recent years, hackers might have information on your address, credit card and even your passport. Some of this can be used for identity theft, as hackers create bank and ...

Password breach spreads beyond LinkedIn

June 7, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network.

Recommended for you

Matter waves and quantum splinters

March 25, 2019

Physicists in the United States, Austria and Brazil have shown that shaking ultracold Bose-Einstein condensates (BECs) can cause them to either divide into uniform segments or shatter into unpredictable splinters, depending ...

How tree diversity regulates invading forest pests

March 25, 2019

A national-scale study of U.S. forests found strong relationships between the diversity of native tree species and the number of nonnative pests that pose economic and ecological threats to the nation's forests.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.