Quora has reported a security breach which may have compromised data of around 100 million users. Users have been emailed about the incident. Adam D’Angelo, CEO, Quora mentioned in a blog post, the malicious third party gained unauthorized access to Quora systems on Friday. Internal security teams and leading digital forensic and security agencies are investigating the breach currently. The law enforcement agencies have also been informed.
Quora has identified the root cause of the security breach and has taken the necessary steps to address the problem. Further investigations are going on and the company assured it will take adequate steps to beef up its security arrangements. The company clarified that anonymous questions and answers were not affected by the breach as it does not store the identity of the users who make anonymous postings.
All users whose data has been compromised have been informed by Quora and are notified to log out of their accounts as a precautionary measure. The passwords of the affected users are also being reset. The company has also set up a detailed FAQ about the breach on its website.
According to Quora, the following Personal Information might have been accessed:
- Account and personal information like Name, Email, IP, User ID, Encrypted Password, User Account Settings, Personalization Data
- Related content and public action like Questions, Answers, Comments, Blog Posts, Upvotes.
- Data imported from linked networks when authorized by you like contacts, demographic information, interests, access tokens (now invalidated)
- Non-public actions which include answer requests, downvotes, thanks
- Non-public content which includes direct messages suggested edits
Quora in yet another article has made it clear no financial information has been compromised. Though some access tokens associated with Stripe – Payment processing service used by Quora, was temporarily compromised. The company though has confirmed with Stripe no access tokens have been used after the incident and no financial information was hacked. Users with Stripe accounts have also had their access tokens reset.
- 11-Year Old Hacks Replica Of Florida State Website
- SEC Discloses Hackers Stealing Data
- Cyber Security Breaches