Quora, a popular online question-and-answer forum, announced last night that 100 million users may have had their data compromised in a breach.
Quora CEO, Adam D’Angelo, said in his official statement that “some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority. Read more here: https://t.co/uwbdMjoM1v
— Quora (@Quora) December 3, 2018
What Quora user data was compromised?
While the investigation is ongoing, Quora is taking measures to contain the incident and limit the fallout. For now, we know that the following information may have been compromised:
- Account information, e.g. name, email address, encrypted (hashed) passwords, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages
Quora has suggested that any content posted anonymously has not been affected by this breach, as the company doesn’t store the identities of people who post anonymous content. And while a lot of the content exposed in the breach was already public on their website, account information is valuable, and users should take the necessary steps to update the information associated with their account.
What does that mean? In this case, even though the exposed passwords were encrypted, it’s a best practice to change your Quora password as well as any passwords for other accounts that reuse or are similar to your Quora password.
Online breaches continue to accelerate. Just in the last couple months, Facebook was hacked, Google was hacked, USPS was hacked, and Marriott was hacked. It’s clear that these hacks and data breaches aren’t going away anytime soon. The best way to protect yourself is to ensure you’re using different passwords for every online account and to turn on two-factor authentication for your most important accounts.
If you have any questions, feel free to leave a comment below, and we’ll answer as soon as we can!