In a blogpost today, Quora’s CEO Adam D Angelo said that a malicious third party gained unauthorized access to our systems on November 30, as a result of which sensitive information of 100 million users was compromised.
The Big Picture
The Data Breach compromised sensitive data of about 100 million users due to unauthorized access to one of Quora’s systems by a malicious intruder. Quora is currently sending emails to users notifying about the breach and asking them to change their passwords. The company has also notified the law enforcement officials and has taken necessary actions to prevent such breach in the future.
In the blog post, Adam D Angelo wrote,
What kind of information was compromised?
Angelo further confirmed that anonymous questions and answers were not affected by the breach as the identities of people who post anonymously are not stored in the system.
In another blogpost on its help center, Quora confirmed that the breach did not compromise any of partner’s financial information that was accessible through Stripe (the third party payment service used for the Partner Program), though some data associated with Stripe was temporarily compromised. The company directly confirmed with Stripe that the access token was never used and they have already reset the access tokens for all Stripe account users.