Quora announced Monday night a “malicious third party” gained access to one of its computer systems, potentially exposing the account data, including private messages, of about 100 million users.
The company said the data breach was discovered Friday and the situation had been contained.
The crowdsourced question-and-answer site said the breach was unlikely to result in identity theft since Quora doesn’t collect social security numbers or financial information.
The company said it was in the process of notifying users whose data had been compromised.
Quora is headquartered in Mountain View, California, but the company operates in EU countries, making it subject to 72-hour public disclosure window required under Europe’s new data protection regulations.
In a blog post, CEO Adam D’Angelo said questions and answers that were written anonymously were not affected by this breach and the company does not store the identities of people who post anonymous content.
“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” D’Angelo wrote.
The disclosure comes a week after Marriott admitted it was the target of an attack by hackers. The hotel chain said the data of more than 500 million people was exposed and some 327 million people may have had their passport numbers stolen.
Quora said its attackers may have accessed the account information of users, including email addresses, encrypted passwords, and data imported from linked networks when authorized by users. The company said it was logging out all users who may have been affected and invalidating their passwords out of caution.
“We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust,” D’Angelo wrote.
He said the direct messaging feature targeted was not used by many Quora users.
Photo: Getty Images