Was Quora hacked? That’s the kind of question the website Quora was designed to answer. The company has built a substantial web presence and user base around getting people’s questions answered. So, was Quora hacked? Well, you don’t need to go to Quora to find out because the answer is yes. The website was compromised resulting in 100 million user accounts being affected.
Quora discovered the security breach this past Friday, November 30th. The company says a third-party gained access to one of Quora’s systems. The company is investigating the cause of the breach and has notified law enforcement and hired security firms to conduct the investigation. Quora says the following information may have been compromised:
- Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
- Public content and actions, e.g. questions, answers, comments, upvotes
- Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
Quora says that questions and answers submitted anonymously were not affected by the breach. The company does not store the identities of users who post anonymous content. Quora also says that the majority of the content breached was already available publicly.
We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.
If you were affected, we will update you with relevant details via email.
While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.