14 DAY TRIAL // Quora announced a data breach incident which led to the compromise of roughly 100 million users' personal information, ranging from names and email addresses to encrypted passwords and direct messages.
"We first learned of the issue on November 30. Upon learning about the issue, we immediately launched a comprehensive investigation and remediation effort," says Quora's breach notification.
Quora discovered that a third party who managed to gain access to its computing systems compromised the data of an indeterminate number of users, with some of them impacted more than others.
The knowledge sharing platform notified impacted users about the security incident and will also provide future updates detailing new information it finds about the breach via email.
"We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing," also said Quora. "We have notified law enforcement officials."
According to the breach alert published on Quora's help website, the data breach exposed user account information (names, email addresses, encrypted passwords, data imported from linked networks when authorized by users), and public user content and actions such as comments, questions, and upvotes.
Impacted users logged out, reset passwords prompts to be displayed on next login attempt
Furthermore, the attackers were also able to access non-public user-generated content such as direct messages to other users, answer requests, and downvotes.
Quora also added that "Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content."
The knowledge sharing platform also stated that the risk of identity theft for impacted users following this security incident is minimal given that "sensitive personal information like credit card or social security numbers" was not collected from its users.
Quora also logged out all affected users, prompting them to reset their passwords on the next login event. For users that haven't received a password reset prompt message, Quora provides a "How do I change or reset my password on Quora?" support page.
