Quora Security Breach: What You Need To Know

Mae Love
December 4, 2018

Quora was affected by unauthorized access to one of its systems.

Someone's taken a wander through the systems of question-and-answer website Quora, pilfering account details of 100 million users.

Quora said they discovered the hack on Friday, November 30, but didn't say when the actual breach happened.

The company said it is logging out all Quora users who may have been affected to prevent further damage.

All Quora users have been logged out and affected users will be forced to change their passwords when they next log in.

The account data involved included user IDs, email addresses, and (it's good to report, for once - El Reg) fully encrypted passwords.

Child Killed, 40 Injured When Football Team’s Bus Crashes in Arkansas
Authorities received a call around 2:40 a.m. (3:40 ET) and found the bus on its side near the Hot Springs exit on I-30. Orange Mound is a historically black neighborhood that unites around its highly competitive youth football program.

George HW Bush Remembered Locally
President George HW Bush has returned to Washington for a final time, to lie in state at the US Capitol. In a repost of the photo of Sully by his father's coffin, George W Bush said the dog would be missed.

Friends officially leaving Netflix on January 1
Now, the expiration date has been removed and Netflix CEO Ted Sarandos is speaking out about the reports. Television, it will be available in the USA and Canada through 2019.

Quora, like many sites today, offer the option to log in with a Google or Facebook account, which may have been the "linked networks" that their blog is referring to.

Quora said it's in the process of notifying all users who it believes were impacted by the hack.

The breach does not affect question and answers that are written anonymously because Quora does not store the identities of people who post anonymous content, according to the blog.

"We're still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us".

For everyone else, there's this advice: "While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so".

Quora said it's highly unlikely that the hack will lead to identity theft as the site does not collect sensitive personal information such as credit card or social security numbers.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER