Quora Security Breach: What You Need To Know

Quora was affected by unauthorized access to one of its systems.

Someone's taken a wander through the systems of question-and-answer website Quora, pilfering account details of 100 million users.

Quora said they discovered the hack on Friday, November 30, but didn't say when the actual breach happened.

The company said it is logging out all Quora users who may have been affected to prevent further damage.

All Quora users have been logged out and affected users will be forced to change their passwords when they next log in.

The account data involved included user IDs, email addresses, and (it's good to report, for once - El Reg) fully encrypted passwords.

Quora, like many sites today, offer the option to log in with a Google or Facebook account, which may have been the "linked networks" that their blog is referring to.

Quora said it's in the process of notifying all users who it believes were impacted by the hack.

The breach does not affect question and answers that are written anonymously because Quora does not store the identities of people who post anonymous content, according to the blog.

"We're still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us".

For everyone else, there's this advice: "While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so".

Quora said it's highly unlikely that the hack will lead to identity theft as the site does not collect sensitive personal information such as credit card or social security numbers.