Quora CEO Adam D’Angelo said that the firm discovered on Friday that some user data was compromised by a third party who gained unauthorized access to one of their systems. We take a closer look at what users can do now.
After Facebook data breach, knowledge sharing website Quora said that about 100 million users have been impacted by unauthorized access to one of its systems by a “malicious third party.” In a blog post written on its website, CEO Adam D’Angelo said that the firm discovered on Friday that some user data was compromised by a third party who gained unauthorized access to one of their systems. “We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials,” said Angelo in the post. We take a closer look at three key things to know about the data breach.
Account info, linked networks may be compromised
Quora said that for the 100 million users, account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users may have been compromised. Further, public content and actions, such as questions, answers, comments, upvotes on the site, as well as non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages) could have been affected. “Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content,” said CEO Adam D’Angelo.
Action taken by Quora
The firm said that it is in the process of notifying users whose data has been compromised. “Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords,” said the firm. Quora said that it will continue to work both internally and with outside experts to gain a full understanding of what happened and take any further action as needed.
What users can do
Notably, many users have received an email from Quora, detailing what went wrong, and what users can do to protect themselves. Quora says that it would be prudent to change password. “While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so,” said the company in its blog post. Notably, users can also request a copy of all their data from Quora.
“We will send you an archive of your content and personal data to your account’s primary email address on request. If you would like to request a copy of your data, you may do so by submitting a request via email to firstname.lastname@example.org. Please note that you will receive the archive within 72 hours of our team confirming that we have received your data request,” said the knowledge sharing website.