A security incident at Quora potentially compromised the personal information and other details of approximately 100 million users.
On 30 November, the question-and-answer website identified that a third party had gained access to one of its systems and compromised the data of 100 million users. The information potentially exposed by the incident included users' names, email addresses, hashed passwords and data imported from linked networks. The security event might have also revealed users' public and non-public activity including their questions, answer requests, comments and direct messages. After discovering the unauthorized activity, Quora launched an investigation with its own internal security teams, retained a digital forensics firm and notified law enforcement. It also invalidated the passwords of all affected users as it began making security improvements to its systems and notifying users whose data might have been compromised. Adam D'Angelo, chief executive officer at Quora, expressed remorse for the inconvenience caused by the incident. As he wrote in a security update:
It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.
Affected users should consider using these experts' tips to protect their accounts with a strong, unique password. If they used their potentially compromised password with any of their other web accounts, they should change those combinations as soon as possible. A password manager can help them remember all of these new combinations.
