Account data of one hundred million users Quora hacked

The data of more than one hundred million users of question-and-answer site Quora have been stolen. Quora describes the hack as an unauthorized access to one of our systems by a third party. The hack took place on November 30th.

Quora reports that in an extensive blog. Last Friday it was discovered that some user data has been compromised. How exactly that is possible is not yet known. The company is still investigating that. Despite the fact that the investigation is still in progress, Quora does indicate that it has taken the necessary steps to limit the incident and to prevent more hacks from taking place.

The hacked data

Data has been stolen from an estimated 100 million Quora users. It’s about the following things:

• Account information, including name, email address, encrypted (hashed) passwords, data imported from linked networks with the user’s permission.
• Public content and actions, including questions, answers, comments and upvotes.
• Non-public content and actions, including requests for answers, downvotes, private messages. According to Quora, users hardly make use of the latter possibility.

Questions and answers that have been asked anonymously have not been hacked because the company does not store the identities of people who post content anonymously. However, the theft of all account data is a serious problem.

What Quora does

Quora has announced in its blog that it is currently contacting all affected users. Users who are affected will receive an email with relevant details and the mandatory advice to change their password. Quora logs out all users who may be affected and will ask them to change their passwords.

The problem that makes the hack possible seems to have been found by now. We are taking steps to address this problem, although our research continues and we will continue to make safety improvements.