Passwords from 100m Quora users stolen in data breach

Names, email addresses and direct messages have been compromised as well.

About 100m users of Quora were affected by unauthorised access to one of its systems by a "malicious third party," the knowledge-sharing website said on Monday. It also disclosed that account information, including names, email addresses and encrypted passwords may have all been compromised. If a user imported data from another social network, like their contacts or demographic information, that could have been affected, too.

The website is popular for sharing questions and answers by members, often anonymously. However, direct messages sent between users may have been also affected, as well as requests for answers and downvotes. The company said people should change their passwords if they use the same ones across different services. It said it is logging out all Quora users who may have been affected to prevent further damage.

"We are in the process of notifying users whose data has been compromised," Quora CEO Adam D’Angelo wrote in a blog post last night.

"The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” he added. "We have retained a leading digital forensics and security firm to assist us."

Quora bills itself as "a place where you can ask questions you care about and get answers that are amazing." People can post a question to the platform like "What are some amazing facts about Apple, the company?" or "What is the ultimate sandwich?" — and see what answers other users come up with.The website was founded in 2009 by D'Angelo and Charlie Cheever, two former Facebook employees. 

Unfortunately, Quora is not the first and it won't be the last website to suffer from such an attack. Large scale data breaches have been a quite common occurrence in the last few years, as huge databases of information built up over years and years gets breached and hackers are able to pull large swathes away at once. Just last week, a hotel chain Marriott breach leaked personal info on up to 500m guests. Meanwhile, in September, a hacker gathered personal information from up to 29m Facebook accounts. Yet, the biggest data breach of all time is still considered to be the one that Yahoo suffered by in 2013. At the time it affected more than 3bn customer accounts worldwide.

Similar articles