Quora’s Systems has recently been breached by a malicious third party. According to reports the breach has comprised information about 100 Million users.
Quora team discovered the Hack has taken place on Friday, 30th November. After the initial analysis of the hack, Quora team came to the conclusion that an unidentified third party gained access to one of its systems. Quora team has already notified the law enforcement about the breach. Not only that, but the team has also hired a leading digital forensics and security firm.
According to the Blog, roughly 100 Million users were affected by the breach. The hacked information included account information as well as Public and Non-Public content.
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
The blog also wrote, “Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.”
However, the Quora team has not yet talked about how exactly the breach happened or the exact method used to access the Quora systems. Quora CEO Adam D’Angelo has said they are in the process of acquiring enough understanding on how exactly the breach took place. Quora team will notify the users whose accounts were compromised. Although they have not started doing that yet. Apart from that, they are taking the following measures in the wake of the hack.
- Notifying users whose data has been compromised.
- Out of an abundance of caution, Quora is logging out all Quora users who may have been affected, and, if they use a password as their authentication method, they are invalidating their passwords.
- Quora believe they’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and they’ll continue to make security improvements.
Wrapping Up!
According to the Blog post, roughly 100 Million user’s password was compromised due to the breach. Facebook’s recent hack which affected somewhere around 87 Million users can be argued to be less severe than this one. Why? Because if we consider the actual number of active monthly users of Quora, the figure is quiet shocking. Quora has a monthly active user of 300 Million users. Which means almost one third of the entire Quora community is affected by the hack which is a big concern.