Quora has recently announced that it has discovered that last week hackers broke into its systems and were able to make off with data on up to 100 million users. That data could have included a user’s name, email address, and an encrypted version of their password. If a user imported data from another social network, like their contacts or demographic information, that could have been taken too.
Some private actions on the site may have been taken as well. That includes requests for answers, down votes, and direct messages. Content posted anonymously should remain anonymous, however, as Quora says it does not store identifiable information for those posts.
“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” Quora CEO Adam D’Angelo wrote in a blog post this evening. The company is also sending out emails to affected users.
Quora says it has notified law enforcement and hired a digital forensics firm to investigate what happened. For now, it’s only revealing that a a malicious third party was able to gain unauthorized access to one of our systems and that it discovered the breach on Friday.
At 100 million users, this is a very substantial breach and one that likely represents a major portion of Quora’s registered users. In 2015, D’Angelo said the site received 200 million unique visitors each month, which likely comes primarily from search traffic.
D’Angelo says Quora is trying to “contain the incident” and prevent another breach from happening. “We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”