What companies were among the biggest victims of hacks in 2018? Quora, the question and answer website.
The California-based company said Monday that about 100 million users who log in to use the service may have had their accounts compromised in a security breach. That’s about half its estimated total number of users.
That includes their name, email address, encrypted passwords, data imported from linked networks when authorized by users, their public content (such as questions, answers and comments) and non-public content and actions (such as answer requests and direct messages). Questions and answers that were written anonymously are not affected because the service doesn’t store the identities of those users.
Passwords of users who may have been affected have been reset and they will have to choose new ones the next time they log in.
In a question and answer page on Quora’s site the company said it is highly unlikely the breach will result in identity theft because Quora doesn’t collect sensitive personal information like credit card or social security numbers.
The company said it encrypts and salts passwords. If done properly that could reduce the odds the passwords will be unscrambled. But, like many sites, Quora allows users to log in using Facebook or Google credentials.
In a blog CEO Adam D’Angelo said the attack was noticed Nov. 30. “On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.”
“We believe we’ve identified the root cause and taken steps to address the issue.”
News of the breach comes after Marriott Hotels said personal information of some 500 million guests at its Starwood Hotel and Resort chains of hotels were exposed in a breach that began some four years ago.
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility,” the CEO said in his statement. “We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.”