Private details of about 100 million users of Quora have been compromised after a “malicious third party” gained unauthorised access to the website’s system. In a post on Monday, the knowledge-sharing website said account information such as names, email addresses, encrypted passwords and data imported from linked networks may have been compromised.
Chief Executive Officer Adam D’Angelo said Quora is in the process of informing the affected users. “Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords,” he said.
The exact cause of the breach, which was detected on Friday, is being investigated. A digital forensics and security company is helping the Quora team. The website has also notified law enforcement officials.
“While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company,” D’Angelo said.
Anonymous content was not affected by the breach as Quora does not store identities when users post anonymous content, he said. “The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” he said.