Quora CEO apologises after security breach affects 100 mn users

Quora CEO Adam D'Angelo has apologised after hackers stole personal information of over 100 million of its users including their names, email addresses and encrypted passwords.

Quora discovered the breach on November 30. It found that the breach happened as a result of unauthorised access to one of our systems by a "malicious third party".

"It is our responsibility to make sure things like this don't happen, and we failed to meet that responsibility," D'Angelo wrote in a blog post on Monday night.

Quora was founded by D'Angelo, a former Chief Technology Officer at Facebook, in 2009. The Mountain View, California-headquartered company has over 300 million monthly unique visitors.

The company is in the process of sending emails to users whose data have been compromised and logging out all Quora users who may have been affected.

"We believe we've identified the root cause and taken steps to address the issue, although our investigation is ongoing and we'll continue to make security improvements," D'Angelo said.

"In addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials," he added.

The company said that questions and answers that were written anonymously were not affected by this breach as the platform does not store the identities of people who post anonymous content.

"We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future," the Quora CEO added.

"We're very sorry for any concern or inconvenience this may cause," he said.

The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.

The site's data breach is the latest in a series of high-profile hacks. Hotel chain Marriott last week said that its guest reservation system was hacked, potentially exposing data on 500 million guests.

The information in the Marriott breach, the biggest since the Yahoo hack in 2013 affecting three billion customer accounts, included names, addresses, phone numbers, email addresses, passport numbers and travel details.

"Hackers are deliberately targeting companies and websites which hold massive amounts of customer data - as we've seen with the recent major attacks against airlines and hotel chains," a spokesperson of Check Point Software Technologies said in a statement.

"In the Quora breach, there was, luckily, no financial information associated with the exposed user data, and the stolen passwords were scrambled, but users should consider changing their passwords on other accounts if they have used the same password as for their Quora account," the spokesperson added.

"For further protecting your data, you can also delete your Quora account, if you want. If you have created the account using Google or Facebook, you can generate the account password," added Prabesh Choudhary, Director at Cryptus Cyber Security Pvt. Ltd.

Between last week's Marriot hack of 500 million accounts and Quora's 100 million accounts, at least 16 per cent of the total Internet users' data has been compromised, pointed out Saket Modi, Co-Founder and CEO of Lucideus, an enterprise cybersecurity platforms company.

--IANS

gb/sed