
World’s most popular Q&A website hacked, 100 million accounts exposed

Here we go again. Another day, another data breach. After a string of high-profile data breaches we told you about recently, including the one from a popular jewelry brand and this major hotel chain, another massive data leak has been confirmed.

This time, however, hackers have gained access to one of the most popular information websites around. If you’ve ever interacted with this question-and-answer website in the past, hackers may now have your data!

Read on and learn the whats, the hows and the whys of the latest data breach, and if you’re affected, we’ll also give you critical steps you should take to protect yourself.

Quora hacked

Quora, the popular question-and-answer website, has revealed that malicious parties managed to break into its systems and steal the information of up to 100 million users.

The stolen information includes the following:

Account information:

  • name
  • email address
  • encrypted password
  • data from other linked authorized networks (Google, Facebook, etc.)

Public content and actions:

  • questions
  • answers
  • comments
  • upvotes

Private content and actions:

  • answer requests
  • downvotes
  • direct messages

The company also said that the anonymous questions and answers are not affected since they do not store the identities of people who post anonymous content.

Although Quora stated that the majority of this data is already publicly available, the breach of private information is serious.

Refresher: What is Quora?

Quora is, by far, the most widely used and one of the best question-and-answer websites around. It covers virtually anything under the sun – from history to sports to current events.

You can submit your own questions and, due to Quora’s massive user base, someone knowledgeable about the topic will answer your query sooner or later. You can then likewise upvote or downvote answers based on how helpful or informative they are. On the flipside, you can also answer other people’s questions and have Quora users judge your answers.

Since Quora is highly curated and moderated, answers tend to be more consistently reliable and of a higher quality than other similar sites.

You will need to link your Google, Facebook or email account to use Quora. (Real names and identities are encouraged to prevent abuse.) After creating a Quora account, it will ask for your fields of interests so it can customize your feed with questions you may find interesting.

If you don’t have any pressing questions that need to be answered, browsing through Quora’s feeds is also a great way to pick up trivia and random facts that you wouldn’t have known otherwise. Additionally, you can follow questions to receive notifications about answers submitted down the road.

What happened?

Quora is still investigating the security incident, but according to its official statement, on Friday, Nov. 30, the company discovered that a third party had gained unauthorized access to one of its systems and compromised user data.

The exact nature and cause of the breach have not been disclosed yet, but the incident is now being examined by Quora’s own internal security team, as well as a leading digital forensics and security firm. Law enforcement officials have also been notified.

Click here to read Quora’s official blog about the incident.

What now?

While the breach is still being investigated, Quora has started notifying users who are impacted by the breach via email. Keep your eye out for that official Quora email.

“We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party,” Quora’s email states. “We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”

Quora has also logged out all users who may have been impacted by the data breach and is resetting the passwords of affected accounts.

The company also believes that it has identified the root cause of the breach and it has taken steps to fix the issue.

How to get help?

If you have any specific questions about the Quora breach, the company has put up a help center on its site. This FAQ has detailed information about the breach and the impact it has on its users.

What to do after a data breach

Thankfully, Quora does not store sensitive personal data like credit card information or Social Security numbers, so the potential for identity theft based directly off this breach is low.

However, since passwords are involved, hackers will inevitably try your stolen email/password combo on other web services and accounts.

To protect yourself against the fallout from this breach, here are the standard steps you should take to audit your accounts.

  • Change your Quora password – The first thing you need to do is change your password. Even if you are not notified by the company, you should still change it immediately. Read this article to help you create the perfect passwords.
  • Check other accounts – With major data breaches like this, password reuse attacks will inevitably happen. If you are using the same passwords for multiple accounts, it is important that you review and change them now as well. If you don’t know by now, it is bad practice to use the same password across different services.
  • Beware of phishing – Carefully scrutinize any emails or texts claiming to be from Quora. They might be just fraudulent attempts to steal more of your personal information. Once the news of a data breach gets out, opportunistic cybercriminals try and scam unsuspecting people with phishing attacks.
  • Use a password manager – You can use a third-party password manager to automatically create unique and complex passwords for you across multiple sites.
  • Audit your online accounts – It’s also a good time to check all your other online accounts and passwords. This is especially true if you use the same credentials for multiple websites. 
  • Check your email with this site – A website called HaveIBeenPwned tracks emails and usernames that are known to have been stolen in data breaches. Run your email through the site’s search and it will alert you if your email and associated accounts are already out there.
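
The "Check other accounts" and "Audit your online accounts" steps can be done locally against a password-manager export. The Python script below is an added example, not code from Quora or from the original article; the `site,username,password` column names and all sample rows are constructed assumptions, so adjust the keys to match your manager's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a generic "site,username,password" layout; real
# password-manager exports use different column names, so adjust the keys.
SAMPLE_EXPORT = """site,username,password
quora.com,alex@example.com,Tr0ub4dor&3
shop.example,alex@example.com,Tr0ub4dor&3
forum.example,alexk,Tr0ub4dor&3
bank.example,alex@example.com,c0rrect-horse-battery
mail.example,alex@example.com,c0rrect-horse-battery
news.example,alex@example.com,unique-Zx91!
"""

def audit_reuse(export_text, breached_site):
    """Return (urgent, same_password, other_reuse) as lists of site names.

    urgent: same username AND password as the breached site, i.e. the exact
            email/password combination a reuse attack would replay.
    same_password: the breached password under a different username.
    other_reuse: groups of sites that share any other password.
    """
    rows = list(csv.DictReader(io.StringIO(export_text)))
    breached = [r for r in rows if r["site"] == breached_site]
    urgent, same_password = [], []
    by_password = defaultdict(list)
    for r in rows:
        if r["site"] == breached_site:
            continue
        hits = [b for b in breached if b["password"] == r["password"]]
        if any(b["username"].lower() == r["username"].lower() for b in hits):
            urgent.append(r["site"])
        elif hits:
            same_password.append(r["site"])
        else:
            by_password[r["password"]].append(r["site"])
    other_reuse = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return sorted(urgent), sorted(same_password), other_reuse

if __name__ == "__main__":
    # Only site names are printed; passwords never leave memory.
    urgent, same_pw, other = audit_reuse(SAMPLE_EXPORT, "quora.com")
    print("Change first (same login and password as Quora):", urgent)
    print("Change next (same password, different login):", same_pw)
    print("Also reused elsewhere:", other)
```

Delete the plaintext export file once the audit is finished.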
