December 04, 2018

Quora says 100 million users hit by security breach


On December 4, question-and-answer website “Quora” reported unauthorized access to one of its systems by a “malicious third party”, which compromised the personal data of nearly 100 million users.

Quora’s CEO Adam D’Angelo said, “We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”

The data allegedly compromised includes: Account and user information (name, email, IP, user ID, encrypted password, user account settings, personalization data); Public actions and content, including drafts (questions, answers, comments, blog posts, upvotes); Data imported from linked networks when authorized by users (contacts, demographic information, interests, access tokens [now invalidated]); Non-public actions (answer requests, downvotes, thanks); and Non-public content (direct messages, suggested edits).

In this regard, in order to prevent any additional damage, Quora stated that it is now logging out all users who may have been affected, and if they use a password as their authentication method, Quora is invalidating their passwords.

D’Angelo said, "The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious... We are in the process of notifying users whose data has been compromised.”

According to Quora, the data breach did not affect questions and answers that are written anonymously because it does not store the identities of people who make anonymous postings. The firm has, however, informed the law enforcement officials of the issue. Quora added, “We have retained a leading digital forensics and security firm to assist us.”

Subsequently, D'Angelo said, "We believe we've identified the root cause and taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements."

Related Post

latest News

  • SC Asks Govt To Set Up Panels To Vet Late Abortion Pleas

    On July 28, the Supreme Court rejected the plea of a 10-year-old rape victim to terminate her 32 weeks old pregnancy and asked the government to set u...

    Read More
  • FTA's online registration of excise tax

    In a major step underlining the UAE’s leading position in the application of a world-class tax system, the Federal Tax Authority (FTA) announced tha...

    Read More
  • NCLT Reserves Order On Grant Of Waiver By Mistry Family For April 17

    On April 4, the National Company Law Tribunal (NCLT) concluded the hearing of a plea filed by Cyrus Mistry's family-owned companies to waive eligibili...

    Read More