Over 100 million users' data compromised, says Quora!
A "Malicious Third Party" hacked about 100 millions of user data from Quora by unauthorized access to its core system, a knowledge-sharing website said this on Monday.
"We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party." - this is the mail from Quora to all of its users and requested them to change their password soon.
The user's data are basically account information, names, email addresses, IP addresses, user IDs, encrypted passwords, user account settings, personalization data, public actions and content (including drafts) such as questions, answers, comments, blog posts and up-votes. "If you are a Quora user who contributed to the systems anonymously then your data will not have been impacted simply because it does not store identity data of anonymous posters. It's worth noting that the passwords that have been compromised were encrypted and hashed with a salt that will vary from user to user," Quora said.
The investigation is being carried out by the internal Quora security team as well as a third party digital forensics company. Law enforcement has of course also been informed. As for the steps being taken, these include the disclosure notification that has already started hitting inboxes around the world and a forced password reset for all users, who will also have been logged out of the system now. Although Quora is not making any public statements with further detail at this point in time, it does say that it has "identified the root cause" of the breach and has "taken steps to address the issue."
The company said that it is logging out all Quora users who may have been affected to prevent further damage. "We are in the process of notifying users whose data has been compromised," Quora CEO Adam D'Angelo said in a blog post. "This confirms that all 100 million impacted users will be notified by email, so if you don't get one then you are likely OK. That said, you should still reset your password as a matter of course whether Quora has validated it or not in my never humble opinion. You can do this by visiting settings if not prompted to do so when trying to log in. Click on the 'Change Password' link and enter your current password which will then enable you to change it."
The breach, discovered on Friday, did not affect question and answers that are written anonymously, the company said, adding that it has also notified law enforcement officials.
The Quora Inc-owned website was founded in 2009 by D'Angelo and Charlie Cheever, two former Facebook employees
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.