Tuesday, May 17, 2022

Personal information of 100 million Quora users impacted by breach

What companies were among the biggest victims of hacks in 2018? Quora, the question and answer website.

The California-based company said Monday that about 100 million users who log in to use the service may have had their accounts compromised in a security breach. That’s about half its estimated total number of users.

That includes their name, email address, encrypted passwords, data imported from linked networks when authorized by users, their public content (such as questions, answers and comments) and non-public content and actions (such as answer requests and direct messages). Questions and answers that were written anonymously are not affected because the service doesn’t store the identities of those users.

Passwords of users who may have been affected have been reset and they will have to choose new ones the next time they log in.

In a question and answer page on Quora’s site the company said it is highly unlikely the breach will result in identity theft because Quora doesn’t collect sensitive personal information like credit card or social security numbers.

The company said it encrypts and salts passwords. If done properly that could reduce the odds the passwords will be unscrambled. But, like many sites, Quora allows users to log in using Facebook or Google credentials.

In a blog CEO Adam D’Angelo said the attack was noticed Nov. 30. “On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.”

“We believe we’ve identified the root cause and taken steps to address the issue.”

News of the breach comes after Marriott Hotels said personal information of some 500 million guests at its Starwood Hotel and Resort chains of hotels were exposed in a breach that began some four years ago.

“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility,” the CEO said in his statement. “We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.