Quora discloses major breach that affects 100 million users

Share

The company said in a statement released Monday that it discovered the "unauthorized access to one of our systems by a malicious third party", on Friday.

Moreover, Quora has also hinted at the possibility of the leak of public content like questions, comments, answers, as well as non-public content like downvotes, direct messages, and answer requests.

The breach did not affect questions and answers written anonymously, it added.

It said it was also in the process of notifying all affected customers and reassured them that it was "highly unlikely" that the incident would lead to identity theft "as we do not collect sensitive information like credit card or social security numbers".

"This is one of the most significant data breaches in history given the size - about 500 million people are affected - and the sensitivity of the personal information that was stolen", said CreditCards.com industry analyst Ted Rossman.

That's because to access a Quora page, you have to log in - either by creating an new account or by linking your Google or Facebook account.

More news: Trump plane collects Bush casket for days-long homage

On the security threat, Quora said, "We believe we've identified the root cause and taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements".

Quora, the platform that help users to connect about various topics, reported a security breach. It has logged all users out, and forcing all accounts with a password to reset that password. The email is an exact copy of the post on the Quora website. Account information, including name, email address, encrypted passwords and other information of users may have been compromised, it added.

If you want to simply delete your Quora account, visit your account privacy settings and choose "Delete Account".

A measure, Quora said it has taken to prevent further damage to all its users. And, if you used the same password for any other services, I'd be changing those too.

A digital forensics agency has been brought in, and law enforcement has been notified of the breach.

Share