Today’s big data breach has been announced by Q&A site Quora, affecting over 100 million registered users. What did the “unauthorized third party” get? According to CEO Adam D’Angelo:
Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
Public content and actions, e.g. questions, answers, comments, upvotes
Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Quora found the breach on November 30th and said it is still investigating. It has logged all users out, and forcing all accounts with a password to reset that password. It also said that the password data was salted and hashed to prevent attackers from using it, but to be cautious, users should also reset passwords on their other accounts if they shared the same one. There are emails going out notifying users of the breach, but right now all of the information available is organized in this FAQ.
We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority. Read more here: https://t.co/uwbdMjoM1v
— Quora (@Quora) December 3, 2018