Yet another incident of a massive data breach has come up, and the affected platform is Quora this time. In a blog post penned by Quora CEO Adam D’Angelo, the Q&A platform said a “malicious third party” gained unauthorized access to Quora’s systems on Friday. Its internal security teams and a “leading digital forensics and security form” are currently investigating the breach.
According to the company, some user data was compromised by a third party who gained unauthorized access to one of Quora’s systems. The company was able to discover this breach last Friday. Quora is still investigating the precise causes and in addition to the work being conducted by the company’s internal security teams, they have also taken services of “a leading digital forensics and security firm” Relevant enforcement authorities have also be notified.
In terms of what information might have gotten out, here’s some literature straight from Angelo’s post. For approximately 100 million Quora users, the following information may have been compromised:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Questions and answers that were written anonymously were not affected, largely because details of anonymous users aren’t really stored on the systems.
In terms of financial information, another article on Quora’s help center states that “it is confident that no partner’s financial information has been compromised.” Some access tokens associated with Stripe — Quora’s payment partner — were “temporarily compromised,” but the company confirmed with Stripe that no access tokens have been used since the incident and no financial information was breached.