Quora disclosed Monday night that a security breach discovered last week exposed the data of up to 100 million users. In an email sent to users, the company said, “On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us.”
According to the email, information that may have been compromised includes names, emails, user IDs, encrypted passwords, account settings, personalization data, public actions and content, imported data such as contacts, demographic information, interests, and access tokens, and non-public actions.
Quora said that law enforcement has been notified and an internal investigation is ongoing. In addition to notifying users by email, the company is logging affected users out of active sessions and invalidating passwords. They also said Monday night that they believe they have “identified the root cause and taken steps to address the issue.”
TechCrunch has reported that “some access tokens associated with Stripe, the payment processing service used by the company, were ‘temporarily compromised’”, while Quora has confirmed that no financial information was compromised and access tokens have been reset for users with Stripe accounts.
In a blog post on Monday night, CEO Adam D’Angelo said, “It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private.”
D’Angelo said the compromise was “a result of unauthorized access to one of our systems by a malicious third party.” Affected users whose passwords were invalidated will be prompted to reset their password the next time they log in. The company has set up a FAQ page for users with answers to questions pertaining to the security breach.
Quora’s breach comes on the heels of another massive breach on Friday, as Marriott announced that an intrusion of its Starwood reservation system allowed hackers to abscond with the personal and financial information of 500 million guests.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.