Quora states that last Friday the discovery was that an unidentified malicious third-party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users—that’s almost half of its entire user base.
The personal user information compromised in the breach includes:
– Account information: names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorized by users.
– Public content and actions, like questions, answers, comments, and upvotes.
– Non-public content and actions, including answer requests, downvotes, direct and messages (note that a low percentage of Quora users have sent or received such messages).
Quora said it stores salted and hashed passwords to prevent them from cracking, but as a precaution, the company has logged all compromised users out of their Quora accounts, and forcing them to reset their passwords.