Skip to main content

Quora hit by data breach affecting around 100 million users

Quora has been targeted by hackers in a data breach affecting around 100 million of its users.

The Mountain View, California-based company that operates a question-and-answer website said on Monday, December 3 that it recently discovered unauthorized access to its computer systems.

Data that “may have been compromised” includes account information such as names, email addresses, and encrypted (hashed) passwords. It also includes non-public content and actions; for example, answer requests, downvotes, and direct messages, though Quora says that only a “low percentage” of its users have ever sent or received such messages. Other stolen data may include records of public content and actions such as posted questions, answers, comments, and upvotes.

In a message on its website, the company explained that while the stolen passwords shouldn’t be decipherable, as a precautionary measure, users should change the password of other online services if it’s the same one that’s used with their Quora account.

The company was keen to point out that the “overwhelming majority of the content accessed was already public on Quora,” but admitted that “the compromise of account and other private information is serious.”

Quora said it’s “working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future,” adding that it was sorry for any inconvenience caused.

For more information on the Quora breach, check out its specially setup help page.

Contacting affected users

Quora is in the process of emailing affected users with “relevant details,” though recipients of any emails purporting to come from Quora should be cautious about clicking on links within the message in case cybercriminals attempt to exploit the hack with their own phishing attacks.

As its investigation continues, Quora said it’s already taking steps to improve its security.

“Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords,” it said.

The company believes it has identified the root cause of the breach and has already taken steps to address it, but added that “our investigation is ongoing and we’ll continue to make security improvements.”

“We need to work very hard to make sure this does not happen again,” Quora wrote in its post. “We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”

The troubling incident comes just days after hotel giant Marriott revealed a hack affecting as many as 500 million of its customers, and a week after computer company Dell said it spotted an effort by cybercriminals to access its servers, though it declined to say how many of its customers may have been affected.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
This hacker site sold 24 million people’s data — until now
A social security card in shrink-wrap paper.

An underground illegal online marketplace that contained and sold sensitive information pertaining to individuals based out of the U.S. has been shut down.

SSNDOB, which saw people's names, Social Security numbers, and dates of birth being collected and sold, has been successfully taken offline due to a joint operation from U.S. authorities and their counterparts in Cyprus.

Read more
Cash App breach impacts millions of U.S. customers
Cash App for mobile payments.

Block, formerly Square, has revealed a security breach impacting up to 8.2 million current and former users of Cash App, its mobile payment and investment service.

The San Francisco-based company said in a recent filing with the U.S. Securities and Exchange Commission that the breach was an inside job allegedly carried out by a former employee.

Read more
Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more