Question and answer site Quora is now answering questions about itself and a data breach that has trigged a password reset for impacted users.
Popular online question and answer site Quora reported a data breach late on Dec. 3, impacting 100 million of its users worldwide.
Among the data that was stolen from the Quora is personally identifiable information (PII) from the 100 million users including, account information with name, email address, encrypted (hashed) passwords as well as data imported from linked networks when authorized by users.
"On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to our systems," Quora wrote in a email to users. "We're still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials."
To help protect impacted users, Quora has logged out users and invalidated passwords. According to Quora, it has identified the root cause of the issue, though the company has not publicly disclosed what that issue actually involves.
Quora stated that it discovered the issue on Nov. 30 and moved quickly to inform users, after an initial investigation was completed.
"It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or social security numbers," Quora stated in an FAQ on the breach.
Quora stated that is has retained, "leading digital forensics and security firms" to help in the investigation. Additionally, Quora stated that it has informed law enforcement officials as well. At this point, Quora has stated that it does not know who is behind the attack.
What End Users Should Do
For end users, the largest risk is that from password reuse and the potential that the same password used for Quora is also used by end users on another site.
"It is generally a best practice to not reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so," Quora stated.
The Quora data breach is the latest in a string of breaches in recent weeks that have exposed user information to attackers. Dell disclosed a data breach on Nov. 29 on its website, which also triggered a reset of user passwords. On Nov. 30, the same day that Quora discovered its' breach, Marriott disclosed the largest breach yet in 2018, with 500 million users at risk from a breach that left user data exposed for up to four years.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.