Quora Data Breach: 100M Users Personal Data Stolen by Hackers

MASSIVE data breach alert! Quora.com has just been hacked. As a result of the hackers’ attack, potentially sensitive personal data of about 100M users has been accessed. The Typical Student team learned what to do if you are a registered Quora user.

Which User Information Was Stolen?

According to ARS Technica, passwords, full names, email addresses, linked networks data have been affected. Also, multiple non-public content and actions, including direct messages, answer requests and downvotes have been stolen.  Public content and actions, questions, answers, comments, and upvotes - all of that has been affected.

After Quora reps learned about the security breach on November 30, they immediately began emailing affected users. Quora’s Monday post stated as follows: “We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing, and we’ll continue to make security improvements.”  

Why Did Security Breach Happen?

The company didn’t go into details as to the format of the stolen password data. Quora only said password data was “encrypted” probably meaning the passwords were passed through a one-way hash function.

According to ARS Technica, “If it's one that uses fewer than 10,000 iterations of a fast algorithm such as MD5 with no cryptographic salt, hackers using off-the-shelf hardware and publicly available word lists can crack as many as 80% of the password hashes in a day or two.” As of now, Quora is working out the ways to minimize the damage caused by the data breach.