Quora reports 100 million users affected in data breach

Quora reports 100 million users affected in data breach

The kinds of information that was exposed include account information, like users' names, email addresses, passwords and data imported from linked networks (like Facebook and Google).

Also compromised was non-public content such as answer requests, downvotes and direct messages, d'Angelo said.

D'Angelo said the breach was discovered on Friday but it did not affect question and answers that are written anonymously. "While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so", said Adam D'Angelo, CEO, Quora on its blog.

"This is one of the most significant data breaches in history given the size - about 500 million people are affected - and the sensitivity of the personal information that was stolen", said CreditCards.com industry analyst Ted Rossman.

Quora discovered the breach on November 30.

Trump wants 'full and complete' sentence for his former lawyer Cohen
The tweet about Stone drew immediate criticism from several lawyers, who said it amounted to witness tampering . Michael Cohen plead guilty to two counts of campaign finance violations that are not a crime.

"We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing". Some unauthorised third-party gained access to the company's systems. Indian users were also affected and reported that they were logged out of their Quora accounts.

The company said it was working to notify affected users, and that it was logging out all those who may have been affected "out of an abundance of caution".

Ankush Johar, Director at enterprise security firm Infosec Ventures, said, "It is imperative for any firm that is operating at a Global or even National level to take necessary steps that ensure security".

Quora has posted an extensive FAQ explaining details of the data breach, but the FAQ doesn't mentioned how user passwords were hashed, i.e. run through a one-way encryption algorithm. The site will ask you to enter your password to confirm the deletion of the account. The email is an exact copy of the post on the Quora website.

Quora suggests that users change passwords of accounts that they use on other sites if the same password was used there as well.

Related Articles