You can’t exactly get a sense of the severity of the data breach that Quora disclosed late Monday, which came in the form of a blog post from CEO Adam D’Angelo titled “Quora Security Update.” Nevertheless, the “update” is in actuality a major data breach affecting users of the question-and-answer website — 100 million people, to be exact.
Quora says it’s already hired a “leading digital forensics and security firm” and notified law enforcement about the discovery it made Friday that user data had been compromised by an unidentified third party that gained unauthorized access to one of the company’s systems. According to Adam’s blog post, 100 million Quora users may have had a large swath of their information compromised, including:
- “Account information, e.g. name, email address, encrypted password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)”
His post goes on to note that questions and answers submitted anonymously aren’t affected by this breach, since Quora doesn’t store any identifying information related to people who post anonymous content.
A notification for consumers about a breach of this scope of data about our use of a service through “unauthorized access“ to your systems “by a malicious third party” isn’t a “security update,” @quora https://t.co/UcZG3NA2Tw It’s a data breach. I appreciate the email, & but wow. pic.twitter.com/gMym1HIjN0
— Alex Howard (@digiphile) December 4, 2018
Presumably, Quora power users are included in this breach, and there have certainly been a few celebrities who’ve used the platform over the years, like the 44th president of the United States. Quora has been sending out emails to users explaining what happened and steps being taken, such as the fact that the users have been logged out of their accounts and their passwords invalidated.
Adam’s post about the breach concludes with the following: “It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”
