Quora hack may have hit 100m users as investigation under way

Knowledge sharing site said it discovered breach last week

Photograph: iStock

Photograph: iStock


Quora users are being advised to change their passwords after the company confirmed a hack had compromised up to 100 million accounts.

Among the information at risk were users ’ names, email addresses, encrypted passwords and data imported from linked networks. Hackers may also have had access to public and private content on the site, including answer requests and downvotes. However, anonymous questions, which are not linked to accounts, are not affected.

Quora blamed “unauthorised access to our systems by a malicious third party”, which it discovered on November 30th, and said it had begun an investigation into the breach. The company has also notified users and authorities about the incident.

“While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to prevent this type of event from happening in the future are ongoing and a top priority,” Quora said in a post on its website. “It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers.”

Affected users have been logged out of their accounts, and will be prompted to change their passwords when they log back in. For security reasons, users should also change the passwords of any other site where they may have used the same credentials.

Chief executive of password management firm Dashlane, Emmanuel Schalit, advised all Quora users to change their passwords.

“Because the extent of the hack is still unknown, if you’ve ever signed up for a Quora account, we recommend changing your password now. Similarly, as some of the compromised information includes data from linked social network accounts such as Facebook and Twitter, we would recommend changing your passwords on those services too,” he said. “Each of your online accounts should have a unique, complex password - this is especially true of accounts that contain sensitive personal information like social media accounts. You may not be able to control the security architecture of the digital services you use every day and that hold so much of your data, but you can take measures to make sure you have optimal password hygiene.”