Quora hacked, about 100 million user accounts leaked

By

Chief executive apologises and promises transparency.

Popular question and answer forum Quora is the latest to own up to a mass hack that saw account information for around 100 million users being compromised.

Quora hacked, about 100 million user accounts leaked

Quora chief executive Adam d'Angelo, who founded the forum after leaving Facebook where he was the chief technology officer, said the account information taken includes names, email addresses, encrypted passwords and data imported from linked networks when users authorise these.

Users internet protocol (IP) addresses as recorded by Quora were also leaked.

While the passwords were hashed with a unique salt for each Quora user, d'Angelo advised those who had re-used credentials across multiple services to change them as best practice.

The hack was discovered over the weekend Australian time by Quora.

On top of account details, public content and actions on the site such comments and upvotes were also compromised. 

Also compromised was non-public content such as answer requests, downvotes and direct messages, d'Angelo said.

Quora has started notifying users whose data has been compromised, and will log them out of the site "out of an abundance of caution". 

Users who authenticated on Quora with passwords will have these invalidated as well, d'Angelo said.

d'Angelo apologised for the breach, and acknowledged that Quora had failed its users when it comes to keeping their data safe.

"It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility.

We recognise that in order to maintain user trust, we need to work very hard to make sure this does not happen again.

There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private," the Quora founder wrote.

Quora said it's highly unlikely that the hack will lead to identity theft as the site does not collect sensitive personal information such as credit card or social security numbers.

The forum believes it has identified the root cause that allowed the hack, and is working with law enforcement on the issue.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?