Adam D’Angelo, CEO of Quora, a US social quiz website, posted a blog post titled “Quora Security Update” on Monday, revealing that the company suffered major security problems, affecting 100 million users. Quora said the company has hired a “leading digital forensics and security firm” and has reported it to law enforcement. They found on Friday that their user data was illegally obtained by an unidentified third party.
Adam said in a blog that about 100 million Quora users may have a large amount of information leaked, including:
- “Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)”
He also said that users who submitted questions and answers anonymously would not be affected because Quora did not store any information about anonymous users.
Quora has sent an email to the user explaining the matter to them and telling them what to do next. Adam said:
- “We’re in the process of notifying users whose data has been compromised.
- Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
- We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.
We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.”