Quora reveals data breach that affected over 100 million users

Stolen data included names, direct messages, and encrypted passwords

By Rob Thubron December 4, 2018, 7:08

Quora reveals data breach that affected over 100 million users

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Facepalm: Cybersecurity attacks are like buses: none come along for ages, then three arrive at once. Following the recent hack on the Marriott hotel chain and the attempted infiltration of Dell's customer data, Quora has announced that over 100 million of its user records were stolen last week.

The question-and-answer website wrote that "unauthorized access to one of our systems by a malicious third party" occurred on November 30. Pilfered data included: "name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users; public content and actions, e.g. questions, answers, comments, upvotes; Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)"

Even though the passwords were salted and hashed, Quora is advising anyone who uses the same credentials across other websites to change them as a precautionary measure.

Quora Chief Executive Officer Adam D'Angelo said the company has "taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements."

Quora is logging out everyone who may have been affected by the breach and, if used as an authentication method, is invalidating their passwords. The company has informed law enforcement of the incident and is currently in the process of notifying users.

"It is our responsibility to make sure things like this don't happen, and we failed to meet that responsibility," added D'Angelo. The statement echos that of Arne Sorenson, Marriott's President and Chief Executive Officer, who apologized after the hotel chain revealed 500 million of its customers had been affected by hackers who had long been able to infiltrate its reservation database.

Dell was also hit by a recent cybersecurity attack, though it claims no user data was stolen. The company performed a global reset of all Dell.com passwords and required a multi-step authentication process before users could regain access to their accounts.

Image credit: shutterstock

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot