The website Quora has informed users about a massive breach of their personal data, which was discovered on November 30. The perpetrators accessed different types of information, ranging from names and email addresses to public comments and questions that people may have left on the website and forgotten.
The US-based social network for knowledge exchange, Quora, reported that a malicious third party has accessed its system and compromised its users’ data security. A statement from the company’s CEO, Adam D’Angelo, read that the breach, which was discovered on November 30, had affected over 100 million accounts.
Along with public information such as questions asked on Quora, the perpetrators may have got hold of account information, such as names and passwords, as well as users’ non-public activities, including direct messages.
The company claimed that it had identified the root cause and addressed the vulnerability. But the causes behind the attack have not been revealed. The company has launched an investigation, conducted by its own security department as well as outsourced firms, and notified officials of the matter.
Meanwhile, the service advised its users to change their passwords, especially if they use the same one on several sites.
Some Twitter users, as well as tech journalists, pointed out that many may have forgotten that they even have a Quora account. Forbes states that some people could be unaware that they have an account, as the service is linked to Facebook quizzes and could have accidentally signed up.
Other netizens slammed Quora for pushing their services without providing security.
Some criticized the company for reporting the breach days after it was discovered.