Question-and-answer website Quora.com says hackers have gained access to encrypted passwords and user IDs for as many as 100 million of its users.
In a note to affected users late Monday, the chief executive of the question-answering website, Adam D’Angelo, said a “malicious third party” had broken into one of its systems.
Users were told they had been logged out and must re-enter a new password. The company said digital forensics teams were working to stem the security problem, and law enforcement agencies had been notified.
“While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company,” D’Angelo said in the note. He also apologized for the inconvenience.
The information hacked included questions and answers which may be seen publicly, but also personal information, such as:
- Internet protocol address.
- User ID.
- Encrypted password.
- User account settings.
Users posting on Twitter have complained about having to give so much personal information to see Quora postings.
“So you force people to register an account to browse your site and demand that members use their real identity but you are not able to protect their data,” said one user.
Quora said it became aware of the hack on Nov. 30. Users worldwide are affected, including users in Canada.
Quora said it was notifying all affected customers and that it was “highly unlikely” that the incident would lead to identity theft, “as we do not collect sensitive information like credit card or social security numbers.”
Quora bills itself as a place to gain and share knowledge.
It is just the latest victim of a high-profile hack. Last week, Marriott Hotels said the personal information of up to half a billion people who stayed at Starwood hotels between 2014 and 2018 may have been stolen.
A Yahoo breach earlier this year may have affected up to three billion accounts.