CEO says breach discovered Friday; chances of identity theft called ‘highly unlikely’
Quora, the community question-and-answer website, said Monday that a data breach may have compromised the personal information of about 100 million users.
“We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party,” Quora Chief Executive Adam D’Angelo said in a blog post late Monday. “We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
D’Angelo said the breach was discovered Friday, and that the company is working with a digital forensics team and law enforcement.
The affected data includes users’ email addresses, encrypted passwords and public actions, such as comments and upvotes. In a FAQ, Quora said “It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers.”
Users who may be affected are being alerted by email, D’Angelo said, and all accounts that may have been compromised have had their passwords invalidated, so users will need to change them.
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility,” D’Angelo wrote. “We need to work very hard to make sure this does not happen again.”
The breach is among the largest reported this year. Last week, hotel giant Marriott International Inc. MAR, +3.91% said up to 500 million Starwood guests may have had their personal data exposed since 2014, and in June, a Florida-based data-aggregation company called Exactis reportedly had a database containing personal data on 230 million consumers exposed. The largest data breach is believed to be a 2013 hack against Yahoo, which reportedly exposed personal information from around 3 billion accounts.