Quora Announces Data Breach of 100 Million Users

The data includes email addresses and hashed passwords, as well as already public information.

Dec 4 2018, 4:02pm

Image: Cathryn Virginia/Motherboard

Quora, perhaps the last place on the internet you can ask a question and get a half decent response, has suffered a data breach. On Tuesday, the social media company announced hackers had stolen details on some 100 million accounts, including email addresses, hashed passwords, and non-public information, such as direct messages.

A hash is a cryptographic representation of data, meaning that a company doesn’t need to store your actual password, only a scrambled version of it. Potentially, this means hackers may have a harder time taking that data and actually logging into accounts.

“We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed,” Quora’s announcement reads.

The stolen data also includes a lot of information that was already technically public, such as users’ questions, answers, comments, and upvotes, the announcement adds.

Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Quora says it discovered the breach last Friday, although it’s not totally clear from the announcement when the hackers actually struck the company.

“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust,” Quora’s announcement reads.

The lesson: Quora has pushed a password reset, so if you’re a member and use a password as your authentication method, rather than, say, logging in via Facebook, you should now be logged out. Fortunately, this is the step that victims should take: change their Quora password, and also their password on any other sites where they used the same credentials. If a hacker has one of your passwords from one breach, they may then go and try that on your other accounts too.
