Quora is a website where people go to get an answer to whatever random question is on their minds. Now, it appears that Quora users are going to be seeking some incredibly significant answers from the website. Quora has had a data breach that affected about 100 million users.
Quora acknowledged this data breach on The Quora Blog. The data breach was discovered on November 30, 2018. Quora says they discovered that some user data was compromised by a third party who gained unauthorized access to one of their systems. Overall, the turn around time between discovery of data breach – and telling users about it – was reasonably fast.
Quora says the investigation is still ongoing, and has apologized for any concern or inconvenience this may cause. For approximately 100 million Quora users, the following information may have been comprised:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages.)
Interestingly, Quora says that questions and answers that were written anonymously are not affected by this breach because they do not store the identities of people who post anonymous content.
How will you know if this data breach affected you? Quora is in the process of notifying users whose data has been compromised. If you were affected, Quora will update you with relevant details in an email.
In addition, Quora is logging out all Quora users who may have been affected by the data breach. Quora will invalidate the passwords of those who used a password as their identification. They recommend you change your passwords.
One thing to pay attention to is that this breach affected “data imported from linked networks when authorized by users”. You might want to change passwords on whatever networks you connected to Quora before the data breach.