Quora discloses mega breach impacting 100 million users

Account info, passwords, emails, private messages, and user votes were exposed.
Written by Catalin Cimpanu, Contributor

Quora, one of the largest question-and-answer portals on the Internet, said today that hackers gained access to its servers and stole information on approximately 100 million of its users, which represents almost half of the site's total userbase.

The company disclosed the breach today but said it discovered the hack last week, on Friday. Quora is still investigating the incident but said it already determined that hackers accessed the following types of user information:

  • Account information (e.g., name, email address, encrypted password, data imported from linked networks when authorized by users)
  • Public content and actions (e.g., questions, answers, comments, upvotes)
  • Non-public content and actions (e.g., answer requests, downvotes, direct messages)

"The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious," said Adam D'Angelo, Quora CEO.

"Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content," he added.

"It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers," the company added later today in a help page regarding the incident.

The site has already taken steps to log out all Quora users who may have been affected. Users who used a password to secure their account have already had their password invalidated and will need to choose a new one the next time they log in.

Quora said it's in the process of notifying all users who it believes were impacted by the hack. The company said that not all users were affected and that "some were impacted more than others."

The tech site also said it already took steps to "contain the incident" and prevent future unauthorized access to its servers. The company said it's still looking into the cause of the breach together with a digital forensics firm. Quora also notified law enforcement.

This is the second hack of a major tech firm in the past week after Dell announced a similar breach of its Dell.com online accounts last week.

These are the worst hacks, cyberattacks, and data breaches of 2018

More data breach coverage:

Editorial standards