Quora gets hacked, millions of users affected

The incident compromised information about 100 million users

Quora, the world’s most widely used question and answer website, suffered a massive data breach in which an attacker, still unknown, got unauthorized access to potentially sensitive information of around 100 million users of the platform, as reported by specialists in digital forensics from the International Institute of Cyber Security.

Quora administrators unveiled the incident this Monday night after their digital forensics team discovered that an unidentified third party managed to gain unauthorized access to one of their systems and stole data of approximately 100 million users, equal to almost half of their total users.

Adam D’Angelo, CEO and Quora co-founder, reported that the data involved in the incident include:

  • Account information: names, email address, encrypted passwords and data imported from social networks linked to Quora, such as Facebook or Twitter
  • Content and public actions: questions, answers or comments
  • Content and non-public actions: Response requests and messages (note that very few Quora users use the messaging function)

Quora said it stores the passwords to prevent them from being cracked, but as an additional security measure, the company decided to close the session of any possibly compromised user, so they will be forced to reset their passwords. Quora assures that they are still investigating the incident, and says that it is working as fast as possible to prevent this kind of inconvenience in the future.

“We still unknown the exact cause of the incident. In addition to the work of our IT teams, we find ourselves collaborating with digital forensics firms. We have also notified the competent authorities,” D’Angelo said in a statement.

The company is notifying security breach victims via email, but invites users concerned about the status of their information to visit the FAQ section on their website to get the firsts news about the incident.

This data breach joins a list of recent high profile cyberattacks. Just a few days ago Marriott, the world’s largest hotel group, confirmed a data breach on its Starwood brand systems, which would have exposed the data of about 500 million customers, in what represents the second largest data breach in history, only behind what happened on Yahoo in 2016, where around 3 billion users were affected.

Also, specialists in digital forensics reported that last September Facebook suffered a hacking incident in which the attackers accessed data from about 30 million users, thanks to the exploitation of a flaw in the function “View as” available on any Facebook profile.