Quora hacked, about 100 million user accounts leaked

By on
Quora hacked, about 100 million user accounts leaked

Chief executive apologises and promises transparency.

Popular question and answer forum Quora is the latest to own up to a mass hack that saw account information for around 100 million users being compromised.

Quora chief executive Adam d'Angelo, who founded the forum after leaving Facebook where he was the chief technology officer, said the account information taken includes names, email addresses, encrypted passwords and data imported from linked networks when users authorise these.

Users internet protocol (IP) addresses as recorded by Quora were also leaked.

While the passwords were hashed with a unique salt for each Quora user, d'Angelo advised those who had re-used credentials across multiple services to change them as best practice.

The hack was discovered over the weekend Australian time by Quora.

On top of account details, public content and actions on the site such comments and upvotes were also compromised. 

Also compromised was non-public content such as answer requests, downvotes and direct messages, d'Angelo said.

Quora has started notifying users whose data has been compromised, and will log them out of the site "out of an abundance of caution". 

Users who authenticated on Quora with passwords will have these invalidated as well, d'Angelo said.

d'Angelo apologised for the breach, and acknowledged that Quora had failed its users when it comes to keeping their data safe.

"It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility.

We recognise that in order to maintain user trust, we need to work very hard to make sure this does not happen again.

There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private," the Quora founder wrote.

Quora said it's highly unlikely that the hack will lead to identity theft as the site does not collect sensitive personal information such as credit card or social security numbers.

The forum believes it has identified the root cause that allowed the hack, and is working with law enforcement on the issue.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
privacy quora security
In Partnership With

Most Read Articles

Australia will now headhunt tech talent for permanent residency

Australia will now headhunt tech talent for permanent residency
NBN Co's FTTC and HFC build costs rise again

NBN Co's FTTC and HFC build costs rise again
Aussie banks warn customers after fresh PayID data breach

Aussie banks warn customers after fresh PayID data breach
Optus shifts 100k premises out of NBN 12Mbps in three months

Optus shifts 100k premises out of NBN 12Mbps in three months
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?
Follow these steps to prevent targeted attacks
Follow these steps to prevent targeted attacks
Your mobile devices may not be secure – learn how to fix that
Your mobile devices may not be secure – learn how to fix that

Events

Log In

Username / Email:
Password:
  |  Forgot your password?