Quora, a knowledge sharing website, recently reported a security breach to its users. The breach is expected to affect approximately 100 million users’ accounts on November 30, 2018.
The social platform wrote in its blog that a third party exposed users’ sensitive information, including names, email addresses, IP addresses, user IDs, encrypted passwords, user account settings, personalization data, public actions, and content such as questions, answers, comments, blog posts, and upvotes.
“On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials,” Adam D’Angelo, the CEO of Quora, stated in a blog post.
Describing the incident as an identity theft, Adam D’Angelo, Quora CEO, stated that the company is taking additional steps to improve the security standards. “While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company,” he wrote.
Quora clarified that the questions and answers that written anonymously were not affected by the breach and they’re notifying the users whose data was compromised.
“Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords. We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing, and we’ll continue to make security improvements,” D’Angelo added.