Quora, one of the largest question-and-answer portals on the Internet, said today that hackers gained access to its servers and stole information on approximately 100 million of its users, which represents almost half of the site's total userbase.
The company disclosed the breach today but said it discovered the hack last week, on Friday. Quora is still investigating the incident but said it already determined that hackers accessed the following types of user information:
- Account information (e.g., name, email address, encrypted password, data imported from linked networks when authorized by users)
- Public content and actions (e.g., questions, answers, comments, upvotes)
- Non-public content and actions (e.g., answer requests, downvotes, direct messages)
"The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious," said Adam D'Angelo, Quora CEO.
"Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content," he added.
"It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers," the company added later today in a help page regarding the incident.
The site has already taken steps to log out all Quora users who may have been affected. Users who used a password to secure their account have already had their password invalidated and will need to choose a new one the next time they log in.
Quora said it's in the process of notifying all users who it believes were impacted by the hack. The company said that not all users were affected and that "some were impacted more than others."
The tech site also said it already took steps to "contain the incident" and prevent future unauthorized access to its servers. The company said it's still looking into the cause of the breach together with a digital forensics firm. Quora also notified law enforcement.
This is the second hack of a major tech firm in the past week after Dell announced a similar breach of its Dell.com online accounts last week.
More data breach coverage:
- Amazon leaks users' email addresses due to 'technical error'
- ElasticSearch server exposed the personal data of over 57 million US citizens
- Popular Dark Web hosting provider got hacked, 6,500 sites down
- Vision Direct reveals customer credit card leak, fake Google script may be to blame
- Security firm doxxes hacker who sold MySpace and Dropbox databases in 2016
- AWS rolls out new security feature to prevent accidental S3 data leaks
- Cathay Pacific breach leaks personal data on 9.4 million people CNET
- Why 31% of data breaches lead to employees getting fired TechRepublic