Quora announced tonight that one of their systems was hacked and has led to the exposure of approximately 100 million user's data to an unauthorized third-party.
Quora discovered this breach on Friday, November 30th, when saw that user's data was accessed by an unauthorized third-party. Quora stated that they then contacted law enforcement and hired a digital forensics and security consulting company to determine how this breach occurred and who may have conducted the attack.
"We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party," stated Quora's security update. "We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials. We are notifying affected Quora users. We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future. Protecting our users’ information and fostering an environment built on trust remains our top priority so that together we can continue to share and grow the world’s knowledge."
The data that was exposed for the 100 million users includes:
It is not currently known how the attacker gained access to their systems. Quora has started emailing users who were impacted by this breach. These emails do not contain any further information than what was already given.
BleepingComputer has contacted Quora for answers to further questions, but had not heard back at the time of this publication.
Quora is estimated to be the 95th largest site in the world with close to 700 million visits per month, so the amount of users affected is staggering. With that said, there is thankfully no financial information associated with the exposed user data. Instead users need to be concerned that their will be attempts to use their information to try to gain access at other sites that they have accounts.
Due to this, it is necessary for all users to change any passwords at other sites that use the same password as Quora. It is also strongly suggested that unique passwords are used at every site you visit in order to minimize the impact of a breach like this.
Update 12/3/18 9:40PM EST: Updated to include information about emails that are going out.