Data from 100M Quora users may have been accessed

Question-and-answer website suffers data breach

Approximately 100 million users of Quora may have had their data accessed following an unauthorised access to one of Quora's systems by a "malicious third party," the knowledge-sharing website said on Monday.

Account information including name, email address, encrypted password and data imported from linked networks when authorised by users may have been compromised, it said.

The company said it is logging out all Quora users who may have been affected to prevent further damage. Users will receive more information from the company via email.

Quora also suggested users to change their passwords.

"We are in the process of notifying users whose data has been compromised," Quora CEO Adam D'Angelo said in a blog post.

The breach, discovered on 30 November, also affected public content and actions, and non-public content and actions.

The company said not all Quora users were affected, and some were impacted more than others. 

Quora said the unauthorised access did not affect question and answers that were written anonymously, the company said, adding that it has also notified law enforcement officials.

The company is investigating the causes and said that in addition to the work being conducted by its internal security teams, it has retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.

Quora said it has taken steps to contain the incident without going into details.

"The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious," the company said in the blog post.

The Quora-owned website was founded in 2009 by D'Angelo and Charlie Cheever, two former Facebook employees.

(Additional reporting by Bhargav Acharya in Bengaluru; Editing by Gopakumar Warrier)