According to a post on Quora's official blog, a staggering 100 million user accounts have been compromised by an unknown third party. Quora is one of the top community-based question-and-answer websites and is widely considered an informative platform to learn and share.
The company has revealed that it has retained a security consulting firm to assess the damage and close the existing loopholes. According to the security update published by Quora, the breach was detected on Friday, November 30, and contingency measures were enforced immediately. The matter is under investigation and law enforcement officials have been notified.
According to the initial damage assessment, the breach has compromised account information, which includes data imported from LinkedIn accounts, encrypted passwords, user names and email addresses. Quora, being a community-based website, is often used to answer questions raised by its members. It is now certain that hackers got access to data that specifies actions made by Quora users to raise and answer questions. Other non-public content and actions such as downvotes and direct messages have also been exposed.
However serious the breach is said to be, it has not affected people who posted questions and answers anonymously on the website. This also sheds light on the fact that Quora does not store personal information of the people who post anonymously.
Although the matter is under intense investigation, it is believed that Quora might have detected the root cause of the breach and is in the process of notifying users about it. As a contingency measure, the company is logging out affected users and invalidating the passwords of those who use a password as their authentication method.
Quora has also given its users the option to access the information pertaining to their accounts that might have been compromised. The company has promised to respond within 72 hours of receiving a request from a user who wants a copy of the posted data. This also includes the personal data that the company holds. This information can be obtained by sending a request to email@example.com. Apart from this, the company has also asked its users to avoid reusing passwords across multiple social media and other platforms as a precautionary measure.