Q&A website Quora has been hacked with around 100 million user accounts possibly being compromised.
The news was confirmed by Quora’s CEO, Adam D’Angelo in a blog post which said that a ‘malicious third party’ hacked its way into the system and obtained names, email address, encrypted (hashed) password, data imported from linked networks when authorized by users, public content and actions, e.g. questions, answers, comments, upvotes, non-public content and actions, e.g. answer requests, downvotes, direct messages.
He added that the ‘overwhelming majority’ of the content that was accessed was already public on Quora, but the compromise of account and other private information is ‘serious’.
D’Angelo said the company is doing what it can to ‘contain the incident’. That includes notifying breached users and logging out all users that may have been breached. It was also said that the root problem has been identified, and that the company has ‘taken steps to address the issue’.
A digital forensics agency has been brought in, and law enforcement has been notified of the breach.
D’Angelo says that passwords should be safe, given that they were hashed, but still warned users not to reuse old passwords.
“While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.”
Image Credit: Balefire / Shutterstock