Think back to all the times you Googled a question and tried to find the answer on Quora… did you create a login? (Supplied)
Popular Q&A website Quora has announced that the personal information of its 100 million-odd users was affected by “unauthorised access” to one of its systems by a “malicious third party”.
It other words, it was hacked.
Quora first realised it had been compromised on Friday and immediately began investigating. On Monday it began emailing affected users.
The thing was, a lot of people who were notified didn’t even know they had an account for the site.
That’s because to access a Quora page, you have to log in — either by creating an new account or by linking your Google or Facebook account.
Quora relies on the website traffic that comes from people searching questions in their browsers.
So a lot of users who’ve tried to read one Quora forum that one time only to be prompted to log in have probably never thought about their accounts again — until an email about a hack turned up in their inbox.
What’s more, there have been some reports that Quora was creating profiles for users based off their linked accounts without their knowledge.
Understandably the situation resulted in a few unhappy ‘users’ who felt that if Quora was going to demand personal information in exchange for access to its site, that information should be securely stored.
@storesyntax: Just wanted to say I would have never registered an account if your site didn’t push for it so hard.
@TMichael88: Poor form on the data breach @Quora. It’s absurd enough that I need an account to simply READ your content, and you can’t even provide a basic level of security. #quorafail
@SamCarvalho: One of the worst ways I’ve seen a company initially handle a breach and contact users. Even the way you told us was stupid. Get a new security team. My account is deleted. Maybe going forward you stop forcing people to register purely to see answers, like Yahoo Answers.
OK, so I have a long-lost Quora account, was my data compromised?
You’ve probably already received an email from Quora if your data was compromised.
The kinds of information that was exposed include account information, like users’ names, email addresses, passwords and data imported from linked networks (like Facebook and Google).
It also includes content like posted questions, answers, comments and upvotes — which is public anyway — as well as answer requests, downvotes and direct messages.
Basically anything that wasn’t done anonymously on the site was compromised.
But don’t worry, your identity probably won’t be stolen because Quora doesn’t collect sensitive personal information like credit card or social security numbers.
If you think you have a Quora account, the best thing to do is change your password.
If your Quora password was the same as your Google or Facebook password, you should change that too. Even if it was different, it never hurts to switch up your passwords.
To disconnect your linked accounts go to your profile picture > settings > account > and scroll down for connected accounts.
Or you could completely delete your account by going to your profile picture > settings > privacy > delete account.
What is Quora doing about it?
The social platform’s CEO Adam D’Angelo said in a statement that a “leading digital forensics and security firm” was continuing its investigation into the hack. The company has also notified law enforcement.
“We are notifying affected Quora users,” the statement said. “We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future.”
This data breach comes almost two months after a massive cyber attack on Facebook, which saw data stolen form 29 million accounts — its biggest hack to date.
While the Quora hack compromised 100 million of its users’ accounts, the Facebook hackers had access to much more information, such as names, contact details, birth dates, employers, education history, religious preference, types of devices used, pages followed and recent searches.