Quora has been hacked. The result is that up to 100 million Quora users may have had their data accessed by an as-yet-unknown third party. Quora is actively investigating the incident, and has already taken various steps to improve its security.

For the uninitiated, Quora is a Q&A website which pairs people who have questions with people who have the answers. It's a fascinating website, and you're guaranteed to learn something new every time you visit. Including that Quora itself has suffered a data breach.

Quora Reveals It Has Been Hacked

Quora CEO Adam D'Angelo disclosed the incident in this Quora Security Update. In the post, he revealed that "some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party."

The hacker gained unauthorized access to one of Quora's systems. And certain information for "approximately 100 million Quora users" may have been compromised. This information includes:

  • The name, email address, and encrypted password you have associated with your account. Thankfully, Quora has stated that passwords are "hashed using bcrypt with a salt that varies for each user".
  • Public content and actions, which means the questions, answers, comments, and upvotes you have made on the site.
  • Non-public content and actions, which means answer requests, downvotes, and direct messages which aren't otherwise visible.

There is also a risk that "data imported from linked networks when authorized by users" may have been accessed. Quora lets users sign in using Google or Facebook, so this could potentially spell disaster. Thankfully, there's no financial information at risk here.

Change Your Quora Password, ASAP

Quora has both its internal security team and a digital forensics company investigating the incident. And it has also notified law enforcement. The company is currently notifying all users whose data has been compromised in the hack.

As is always best practice after a data breach, you should change your password ASAP. In fact, Quora has logged all affected users out of the site, and if you're one of them you'll need to change your password when prompted.