Quora, one of the largest Q&A portals on the Internet, announced today that hackers had gained access to its servers, stealing information from about 100 million users, representing almost half of the site's total users.
The company revealed the breach today, but said it discovered the hack last Friday. Quora is still investigating the incident, but said it has already found that hackers have access to the following information:
- Account information (e.g. name, email address, encrypted passwords, data entered from connected networks authorized by users.)
- Public content and actions (eg questions, answers, comments, upvotes)
- Non-public content and actions (eg reply requests, downvotes, instant messages)
"The vast majority of content was already public on Quora, but the theft of accounts and other personal information is serious." said Adam D'Angelo, CEO of Quora.
"Questions and answers posted anonymously are not affected by the breach, as we do not store the identities of people who post anonymous content," he added.
"It is extremely unlikely that this will lead to identity theft, as we do not collect sensitive personal information such as credit cards or social security numbers," the company later added to a help page on the incident.
The site has already taken action, disconnecting any users who may have been affected. All users who used a password to log in to their account will have to choose a new one to log in.
Quora said it was in the process of informing all users it thought had been affected by the hack, and said not all users had been affected.
The website also said it had already taken steps to prevent any future unauthorized access to its servers. The company said it was still investigating the causes of the breach with a task force, and informed authorities immediately.