The personal data of some 100 million people who have used Quora, a popular question and answer website, has been compromised, the company disclosed Monday.
“We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party,” wrote Quora CEO Adam D’Angelo in an online post.
“We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future,” he added.
The intrusion — which was discovered Friday, D’Angelo noted — placed the following information of Quora users at risk:
Account information, such as name, email address, hashed password and data imported from linked networks when authorized by users;
1. Public content and actions, such as questions, answers, comments and “upvotes”;
2. Non-public content and actions, such as answer requests, downvotes and direct messages.
Compared to other large data breaches — such as the breach at the Marriott hotel chain last week, which affected some 500 million customers and enabled intruders to steal credit card numbers, dates of birth and passport numbers — the Quora attack is relatively mild, said Ted Rossman, an industry analyst with Creditcards.com in Austin, Texas.
“The Quora breach seems more contained,” he told TechNewsWorld. “It was information that was already public or things that are not that sensitive, like email addresses.”
Chilling Effect on Sharing
Theft of data at the site also could have other consequences for Quora.
“Since this is a knowledge-sharing platform, one of the risks of an incident like this is it could deter people from engaging in that kind of activity, which is productive and useful,” said Thomas Jackson, chair of the technology practice group at Phillips Nizer, a law firm in New York City.