100 million users have data exposed
Question-and-answer site Quora has announced that 100 million users’ data may have been compromised after it was hacked.
According to a blog post by the company’s chief executive Adam D’Angelo, Quora has informed law enforcement officials and brought in cyber security specialists to help them address the breach.
The US-based firm first learned of the issue last Friday, although did not go public with the announcement until after the weekend.
This delay is longer than the duty on organisations operating in the UK and EU which must report personal data breaches to authorities within 72 hours of becoming aware of the breach.
Marriott hotels also revealed on Friday that the FBI was investigating a data breach of its systems which exposed the details of up to 500 million guests.
Quora said it was in the process of notifying users whose data has been compromised and listed the types of information which may have been accessed.
The data included: “Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorised by user.
“Public content and actions, e.g. questions, answers, comments, upvotes [as well as] non-public content and actions, e.g. answer requests, downvotes, direct messages.”
The company added: “The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.”
Quora states that it will update affected users “with relevant details via email” and encouraged anyone with concerns to read the security update FAQ.
Although the passwords were encrypted, the company adds: “It is generally a best practice to not reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.”