News

Quora data breach FAQ: What 100 million hacked users need to know

Hackers have stolen information about 100 million Quora users. Here's what they took and what you need to do next.

Brad Chacos Dec 05th 2018 A-A+
data-breach2.jpg

Another week, another massive hack. Last week it was Marriott Starwood hotels; this week, it’s question-and-answer website Quora’s turn. Late Monday night, Quora revealed that “a malicious third party” gained access to its systems and swiped the account data of approximately 100 million users. That includes personally identifiable information, like your name and email address, as well as details about the actions you’ve taken on Quora itself, and data from other sites you’ve linked to your Quora account.

It’s bad, and the Quora hack affects a lot of folks. Here’s everything you need to know.

So what happened?

Quora is still investigating, but CEO Adam D’Angelo says that “On Friday [November 30] we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems.” Further details weren’t provided yet.

What Quora user data was taken?

Pretty much everything associated with your account.

D’Angelo says that the hackers may have pilfered 100 million users’ names, email addresses, and encrypted passwords. Any data imported from another social network, such as contacts and demographic information, could have been compromised as well. The hackers may also have records of every public and private action you’ve taken on Quora, including comments, upvotes and downvotes, questions, and direct messages.

Anything posted anonymously shouldn’t have been included, as D’Angelo says Quora does “not store the identities of people who post anonymous content.”

How do I know if my Quora account was hacked?

Quora says it’s notifying everybody who was hacked, and logging out every account that may have been affected. If you use a password for authentication, your password will also be reset.

Any further information discovered during Quora’s investigation will be shared with affected users via email.

What should I do to stay safe?

If you have a Quora account, and especially if Quora confirmed you’ve been hacked, you should change your password. And if you reuse your passwords across multiple sites, you’ll want to change your password at those as well. Reusing passwords is an awful security practice though; if you use a password manager, it can help you create strong, unique passwords for every site and service you visit. PCWorld’s roundup of the best password managers can help you find a great one.

Since Quora doesn’t collect deeply personal information, such as credit card or social security numbers, you probably don’t have to worry about identity theft. Nonetheless, you might want to read our guide on what to do after a data breach for additional steps to consider taking.

Finally, this is also a reminder that you want to practice best security practices at all times, because you never know when or where breaches will happen. A password manager and unique logins keep your accounts firewalled from each other when events like this happen; a solid security suite can lock down your local data. PCWorld’s guide to the best Windows antivirus software can help you find your best option.