100 Million Quora Accounts Hacked: What to Do

The online question-and-answer website Quora suffered a malicious data breach that may have affected up to 100 million accounts, the site's CEO, Adam D'Angelo, said in an official company blog posting late Monday (Dec. 3).

Credit: Dreamstime

(Image credit: Dreamstime)

"For approximately 100 million Quora users, the following information may have been compromised," D'Angelo wrote. "Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users; Public content and actions, e.g. questions, answers, comments, upvotes; Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)."

The website will be notifying all affected users by email, and resetting their passwords. Anyone who had reused a password elsewhere is advised to create a new password for that account too. Users who logged into Quora using Google or Facebook login mechanisms should not be affected.

MORE: What to Do After a Data Breach

Quora has posted an extensive FAQ explaining details of the data breach, but the FAQ doesn't mentioned how user passwords were hashed, i.e. run through a one-way encryption algorithm. This matters because hashing algorithms vary greatly in strength. Passwords hashed with some older algorithms can be "cracked," or reversed, in milliseconds using standard desktop computers, while passwords using new algorithms might take thousands of years to crack.

D'Angelo's blog posting does mention that the hashes were "salted," meaning that a small extra bit of unique information was added to each password before it was hashed. That in theory will make the hashes more difficult to crack.

"Not all Quora users are affected, and some were impacted more than others," the FAQ states. "It is highly unlikely that this incident will result in identity theft, as we do not collect sensitive personal information like credit card or Social Security numbers."

Best Identity Protection Services

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.