Days after the massive Marriott data breach, which affected 500 million guests of the Marriott International hotel chain, a similarly huge Quora data leak has shocked the world. Question-and-answer portal Quora, a California-based website, has reported a data breach that has compromised personal information, including name, email address, and encrypted passwords, of over 100 million Quora users.

The breach was discovered by Quora on November 30 after it found that some user data was compromised by a third party who gained unauthorised access to one of its systems.

Quora tweeted: “We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority.”

Quora CEO Adam D’Angelo said, “We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.”

“We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future. We’re very sorry for any concern or inconvenience this may cause,” he added.

Providing a Quora security update in a blog post, D’Angelo said the user data was compromised as a result of unauthorised access to one of the company's systems by a malicious third party.

He said the company was working fast to assess and investigate the situation further and to take the appropriate steps to prevent such incidents in the future.

According to D’Angelo, the kinds of personal information that may have been compromised include:

  •  Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorised by users
  •  Public content and actions, e.g. questions, answers, comments, upvotes
  •  Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

The CEO said Quora was taking remedial measures and additional steps to improve the security of the platform.

The website is in the process of notifying users whose data has been compromised. It has also logged out all Quora users who may have been affected and is cancelling their passwords if they used one as their authentication method. D’Angelo said users were being asked to check the Quora Security Update – FAQ page, which includes more detailed information on specific questions.

Quora would update the affected users with relevant details via email, he said.

Quora was co-founded by former Facebook employees Adam D’Angelo and Charlie Cheever in June 2009.