The Quora team formally announced the breach on Monday, December 10th, 2018. They discovered the previous Friday that an “unauthorized third party” gained access to one of its core systems and stole user data on approximately half the site’s users, which amounts to about a hundred million users.
According to the company, the compromised data included:
- User name
- Real name (if different)
- Email address
- Passwords
- Any data that may have been imported from social networks linked to Quroa
- Non-public actions, including request, down votes, and private messages sent to other Quora users
A few things to note about the above: First, although passwords were stolen, they were hashed, which means that the hackers won’t be able to immediately crack them. Of course they eventually could, but the process will take time.
Second, social network data was only compromised for users who employ the “Facebook” or other social media sign-in option.
According to the company:
“We’re still investigating the precise causes, and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement authorities.”
The long and the short of it is that if you use Quora, there’s at least a 50/50 chance your password and other data was compromised. To be safe, change your password immediately.