Question and answer site Quora announced that it has been hit with a massive data breach that impacted 100 million of its users.
“We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future,” wrote Quora CEO Adam D'Angelo in a blog post.
On November 30, the company discovered that data had been compromised by a third party who gained unauthorized access to one of the site’s systems. In addition to its own security team, Quora has hired a leading digital forensics and security firm to assist in the investigation, as well as notified law enforcement officials.
The company explained that the information compromised includes account information, such as names, email addresses, encrypted passwords, and data imported from linked networks when authorized by users; public content and actions, such as questions, answers, comments, upvotes; and non-public content and actions, including answer requests, downvotes, and direct messages.
“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” added D’Angelo.
The company reported that it is in the process of notifying users whose data has been compromised, and is logging out all Quora users who may have been affected. If a person uses a password as their authentication method, the site is invalidating the password.
“We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements,” wrote D’Angelo. “We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.”