Quora said it discovered last week that hackers broke into its systems and were able to make off with data on up to 100 million users.
Quora is a question-and-answer website where questions are asked, answered, edited, and organized by its community of users in the form of opinions. Its publisher, Quora Inc., is based in Mountain View, California. The company was founded in June 2009, and the website was made available to the public on June 21, 2010.
That data stolen on Quora could have included a user’s name, email address, and an encrypted version of their password. If a user imported data from another social network, like their contacts or demographic information, that could have been taken too.
Some private actions on the site may have been taken as well. That includes requests for answers, downvotes, and direct messages. Content posted anonymously should remain anonymous, however, as Quora says it does not store identifiable information for those posts.
“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” Quora CEO Adam D’Angelo wrote in a blog post this evening. The company is also sending out emails to affected users.
Quora says it has notified law enforcement and hired a digital forensics firm to investigate what happened. For now, it’s only revealing that a “a malicious third party” was able to gain “unauthorised access to one of our systems” and that it discovered the breach on Friday.
At 100 million users, this is a very substantial breach and one that likely represents a significant portion of Quora’s registered users. In 2015, D’Angelo said the site received 200 million unique visitors each month, which probably comes primarily from search traffic.
D’Angelo says Quora is trying to “contain the incident” and prevent another breach from happening. “We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
Large-scale data breaches have been an unfortunately common occurrence in the last few years, as huge databases of information built up over years and years get breached, and hackers can pull large swathes away at once. Just last week, a Marriott breach leaked personal info on up to 500 million guests; in September, a hacker gathered personal information from up to 29 million Facebook accounts.