Question-and-answer website Quora has been hacked, with the names and email addresses of 100 million user compromised.
The breach also included encrypted passwords, and questions people had asked. In a statement, Quora said the situation had been “contained”.
In a similar manner, last week, hotel chain Marriott admitted that personal information of about 500 million guests had been stolen.
Quora released a security update in a question-and-answer format. “We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party,” it began.
Also Read: Email Spam: Symptoms and prevention
“We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials.”
It said it was also in the process of notifying all affected customers and reassured them that it was “highly unlikely” that the incident would lead to identity theft “as we do not collect sensitive information like credit card or social security numbers”.
Security expert Troy Hunt was one of those affected. He tweeted: “Short of not using online services at all, there’s simply nothing you can do to ‘not’ be in a breach, there’s only things you can do to minimise the impact when it inevitably happens.”
Users were asked to reset their password and will be prompted to do so when they next try to log in. Those wishing to delete their account can do so in the settings section and the deactivation will happen immediately.
Also Read: History of World Wide Web
Ilia Kolochenko, CEO at High-Tech Bridge suggests that the type of data stolen and some of the other scant detail about the breach “may indicate that the intrusion has occurred via one of Quora’s web applications” or alternatively “an attack against a trusted third party, such as one of their data processors.
” While it’s a little early to be drawing any definitive conclusions regarding the breach methodology, truth be told, there is one firm conclusion that can be drawn: Quora should expect significant legal ramifications.
“The financial penalties they will be required to pay to authorities and damages in individual lawsuits and settlements will likely be economically bearable” Kolochenko concludes “nonetheless, the total amount can be huge.”
Some users commented on Twitter that they had forgotten they used the service.
One tweeted: “Nothing like a data breach to remind me that I have a Quora account.”