Question-and-answer website Quora has issued an urgent warning to 100 million of its users, notifying them that hackers now have their data as a result of a breach.
“We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party,” reads the email, signed The Quora Team. “We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
Quora says it discovered the breach Friday and has since enlisted the help of leading digital forensics and security experts to get to the bottom of the issue. It has also notified authorities of the breach.
“We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements,” the company says.
The hackers obtained account and user information (name, email, IP, user ID, encrypted password, user account settings, personalization data), public actions and content (drafts, questions, answers, comments, blog posts, up-votes), data imported from linked networks (contacts, demographic information, interests, as well as non-public actions like answer requests, down-votes, and thanks). Anonymous users are not affected by the breach.
Quora said it is logging out all users who may have been affected in “an abundance of caution.” Affected users will also see their passwords invalidated, the company said, meaning they will have to set new passwords to continue using the service.
Users who have more specific questions about the breach can visit this FAQ.
In a blog post, Quora CEO Adam D’Angelo extended a personal apology to affected users on behalf of his company, saying:
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”
