Question-and-answer site Quora is the latest company to suffer a major data breach. It discovered Friday that a “malicious” third-party had obtained access to 100 million accounts’ usernames, email addresses, password hashes and — potentially — data linked from other social networks. The breach also included public contributions, such as users’ questions, answers, and upvotes, as well as private contributions, such as downvotes and private messages.
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private,” Quora CEO Adam D’Angelo wrote on the company blog late Monday.
D’Angelo said the company has notified law enforcement and retained a digital forensics and security firm. Quora is also contacting all users whose information was compromised and forcing people who use passwords to reset them.
In 2017, Quora was valued at $1.8 billion following a funding round that raised $85 million. In September, the site reported it had surpassed 300 million unique monthly visitors. But that’s not the same as registered users, a figure the company has not released. The Verge suspects the 100 million accounts affected by the breach likely account for a substantial portion of its total user base. Quora’s FAQ about the hack says “Not all Quora users are affected, and some were impacted more than others.”
