Today via a blogpost Quora have announced that they have suffered from data breach as they found one of their systems was accessed by the malicious third party.
On the blogpost, Quora noted that on Friday they found some of its user's data was compromised by a third party who gained unauthorized access to one of their systems. By this breach incident, about 100 million Quora users have been affected.
What data was affected?As the investigation is ongoing, so we can't say the actual number of users affected but, according to Quora, about 100 Million users data have been compromised.
The compromised data includes the following -
- Account information, e.g. name, email address, encrypted password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Quora team says they will notify users who were affected in this breach by email. Along with that team is investigating this issue and had also notified the incident to law enforcement.
For further security measures Quora team said they are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, service are invalidating their passwords.
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.All the Quora users passwords were encrypted with the salt hash algorithm (is a good practice) which makes the attacker difficult to decode it. But then also it is highly recommended to every user to immediately change their account password.