Quora breach exposes data from more than 100 million users

The Q&A site was attacked by an "unauthorized third party" who accessed personal information of users such as emails, passwords and direct messages

5Dec

On December 4, Quora revealed to users that it had experienced a data breach which exposed the private information of more than 100 million users. The data breach was discovered by Quora on November 30.

In an email to users, the Q&A site claimed that the hack was as a result of an "unauthorized access to our systems by a malicious third party". It claimed that while it was still investigating the breach, steps had already been taken to mitigate the damage done and "prevent this type of incident from happening in the future [is its] top priority as a company".


Visit Innovation Enterprise's Chief Data Officer Summit, part of the DATAx New York festival, on December 12–13, 2018


The types of information that had been accessed included account and user information such as names, email addresses, IP, user ID and encrypted passwords; public actions on the site such as questions, answers, comments and blog posts and; data imported from networks linked to Quora accounts such as contacts and demographic information.

Quora is one of the many tech companies and social media platforms which have been hacked in recent years. Uber has been levied fines by both US and European courts for its 2016 data breach, while Amazon experienced a data breach just days before this year's Black Friday.

In an effort to mitigate the effects of the breach, other than notifying all its users of the possible leak of their information, "Out of an abundance of caution", the company has logged out all users and "if they use a password as their authentication method, we are invalidating their passwords".

In a statement, Quora took full responsibility for the breach: "We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There's little hope of sharing and growing the world's knowledge if those doing so cannot feel safe and secure and cannot trust that their information will remain private."

Concerned users can delete their Quora accounts by logging into the website and accessing their privacy settings. Users who remain concerned or are curious to know what else they can do to ensure their data is safe should access Quora’s help center or read this guide by G2 Crowd.

How it departments should evolve to deal with cyber attackssmall

Read next:

How IT departments should evolve to deal with cyber-attacks

i