Question and answer website Quora has announced a data breach.
In a statement posted on its blog, the company said: “We recently discovered that some user data was compromised as a result of unauthorised access to one of our systems by a malicious third party. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
For approximately 100 million Quora users, the following information may have been compromised:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorised by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages
Questions and answers that were written anonymously were not affected by the breach as Quora does not store the identities of those who post anonymous content.
The company said it is still investigating the precise causes of the breach and, in addition to the work being conducted by internal security teams, it has retained a leading digital forensics and security firm to assist us.
Law enforcement officials have also been notified.
It added: “While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.”