MANILA, Philippines – Popular question-and-answer website Quora was hacked, the website announced on its blog, Tuesday, December 4. 

100 million users are affected, with the hackers making off with important account information including names, email addresses, hashed passwords, and “data imported from linked networks when authorized by users.”

Hashed passwords are passwords stored in a site’s database that are encrypted so that they aren’t stored in human-readable plain text form.  

Quora, like many sites today, offer the option to log in with a Google or Facebook account, which may have been the “linked networks” that their blog is referring to. They have not yet provided more information as to what imported data may have been compromised.  

Quora said they discovered the hack on Friday, November 30, but didn’t say when the actual breach happened. Investigations are still ongoing, and they, along with law enforcement and a third-party digital forensics firm, have yet to find out who was behind the hack. Quora only described the attackers as a “malicious third party,” although they have also mentioned that they’ve “identified the root cause.”   

Other stolen data, password changes

Public content and actions such as questions, answers, comments, and upvotes, and non-public content and actions such as answer requests, downvotes, and direct messages were also acquired by hackers.  

Questions and answers written anonymously were not affected, as Quora explained that they don’t store identities of people who post anonymous content.  

Current actions being taken by Quora include notification of the compromised users, and logging out all Quora users who may have been affected and an invalidation of their passwords.

Quora has set up a help center on this link. They also said that it’s “highly unlikely” that the incident will result in identity theft because they don’t collect personal information such as credit card or social security numbers. 

They do advise users to change their passwords for other accounts where they use the same password as on Quora. One possibility is that the hackers – should they be able to decipher the stolen encrypted passwords – will try to use the passwords on other websites that a person logs on to, possibly including sites that contain more sensitive information such as credit card details. – Rappler.com