Quora hacked, about 100 million user accounts leaked

By on
Quora hacked, about 100 million user accounts leaked

Chief executive apologises and promises transparency.

Popular question and answer forum Quora is the latest to own up to a mass hack that saw account information for around 100 million users being compromised.

Quora chief executive Adam d'Angelo, who founded the forum after leaving Facebook where he was the chief technology officer, said the account information taken includes names, email addresses, encrypted passwords and data imported from linked networks when users authorise these.

Users internet protocol (IP) addresses as recorded by Quora were also leaked.

While the passwords were hashed with a unique salt for each Quora user, d'Angelo advised those who had re-used credentials across multiple services to change them as best practice.

The hack was discovered over the weekend Australian time by Quora.

On top of account details, public content and actions on the site such comments and upvotes were also compromised. 

Also compromised was non-public content such as answer requests, downvotes and direct messages, d'Angelo said.

Quora has started notifying users whose data has been compromised, and will log them out of the site "out of an abundance of caution". 

Users who authenticated on Quora with passwords will have these invalidated as well, d'Angelo said.

d'Angelo apologised for the breach, and acknowledged that Quora had failed its users when it comes to keeping their data safe.

"It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility.

We recognise that in order to maintain user trust, we need to work very hard to make sure this does not happen again.

There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private," the Quora founder wrote.

Quora said it's highly unlikely that the hack will lead to identity theft as the site does not collect sensitive personal information such as credit card or social security numbers.

The forum believes it has identified the root cause that allowed the hack, and is working with law enforcement on the issue.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
privacy quora security

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it
Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer
Defence switches on initial SAP ERP system capability

Defence switches on initial SAP ERP system capability
Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?