Published: Tue, December 04, 2018
Finance | By Loren Pratt

100 million users credentials stolen

100 million users credentials stolen

"We have also notified law enforcement officials", Quora co-founder and CEO Adam D'Angelo wrote in the blog post.

However, it says account and user information such as name, email, IP, user ID, encrypted password, user account settings, personalisation data, public actions and content including drafts, data imported from linked networks you've authorised and non-public actions like answer requests and downvotes were compromised.

Quora, one of the largest question-and-answer portals on the Internet, said today that hackers gained access to its servers and stole information on approximately 100 million of its users, which represents nearly half of the site's total userbase.

They do advise users to change their passwords for other accounts where they use the same password as on Quora.


For everyone else, there's this advice: "While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so". Quora has already begun emailing affected users.

"It is our responsibility to make sure things like this don't happen, and we failed to meet that responsibility".

"We have retained a leading digital forensics and security firm to assist us", Mr D'Angelo said. The decision not to tie anonymous content to the identities of the people posting it is a smart one that will protect the identities of many people who discussed sensitive personal matters. Quora claims that a low percentage of users have sent or received direct messages. Anonymously authored questions and answers were reportedly not affected by the breach, and the company said it doesn't store information from anonymous users. The specific hash function matters greatly.

Like this: