Quora, the question-and-answer website, last week admitted that hackers had broken into its systems and stolen data on up to 100 million users.
The website said hackers had made off with data that could have included a user’s name, email address, and an encrypted version of their password. If a user imported data from another social network, like their contacts or demographic information, that could have been taken too.
Some private actions on the site may have been taken as well. That includes requests for answers, downvotes, and direct messages. Content posted anonymously should remain anonymous, however, as Quora says it does not store identifiable information for those posts.
“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” Quora CEO Adam D’Angelo wrote in a blog post following the reported hacking. The company is also sending out emails to affected users.
Quora says it has notified law enforcement and hired a digital forensics firm to investigate what happened. For now, it is only revealing that a “a malicious third party” was able to gain “unauthorized access to one of our systems” and that it discovered the breach last week.
At 100 million users, this is a very substantial breach and one that likely represents a major portion of Quora’s registered users. In 2015, D’Angelo said the site received 200 million unique visitors each month, which likely comes primarily from search traffic.
D’Angelo says Quora is trying to “contain the incident” and prevent another breach from happening. “We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”
In recent years, data breaches have become an unfortunately common occurrence as databases holding large volume of data get attacked and hackers gain access to huge amounts of private and often confidential data. Last week, the international hotel-chain, Marriott, reported that a breach of its database had leaked personal information of up to 500 million guests; in September, a hacker gained access to Facebook and made off with the private info of 29 million Facebook accounts.