The question and answer site Quora has released information about a data breach it recently suffered.
A post on its website reads:
“We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.”
According to Quora, approximately 100 million users might have been affected. Potentially compromised information includes:
- Account information, e.g. name, email address, encrypted password (hashed using bcrypt with a salt that varies for each user), data imported from linked networks when authorised by users;
- Public content and actions, e.g. questions, answers, comments, upvotes; and
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages).
Quora is in the process of notifying affected users, and is logging them out and invalidating their passwords.
The reaction from users has been a little different from usual, with many forgetting that they even had an account.
Nothing like a data breach to remind me that I have a Quora account
— Aaron Patterson (@tenderlove) December 4, 2018
Quora has stated that it’s alerted law enforcement and has a digital forensics and security firm on the case.