Quora Data Breach: What You Need to Know

The intrusion could put 100 million users at risk for phishing and account takeovers

data iStock-938922584

The question and answer website Quora says hackers have breached its systems, potentially exposing the personal information of 100 million users.

The company says in a blog post that it discovered the intrusion Friday. The data exposed includes usernames, email, and hashed—or scrambled—passwords. It also could include data from linked networks, such as social media accounts, authorized by individual users.

The data also includes each user's public content, such as questions and answers, along with nonpublic content, such as answer requests and direct messages, though the company says that feature isn’t used by many people.

More on Security and Privacy

“The overwhelming majority of the content accessed was already public on Quora,” the company says in the blog post. “But the compromise of account and other private information is serious.”

The company says it’s contacting affected users. It has also notified law enforcement and hired a cybersecurity firm to figure how how the breach occurred.

News of the Quora breach comes just days after Marriott announced that systems of its Starwood hotels division had been hacked in 2014, leaving the personal information of up to 500 million guests exposed for four years.

Dunkin' Brands, the parent company of Dunkin' Donuts, also said last week that it had received reports that hackers were trying to access DD Perks accounts with log-ins and passwords stolen from elsewhere. And Dell reported that hackers breached its systems earlier in November, stealing customer names, email, and hashed passwords.

In the case of the Quora breach, the danger to consumers is limited because the company didn’t collect sensitive personal or financial information, such as Social Security or credit card numbers.

The real danger lies in password reuse, says Ron Gula, president and co-founder of Gula Tech Adventures, a cybersecurity investment firm.

“Even though the passwords may have been obscured with a hash, this is not really encryption, and hackers will likely be able to recover the actual passwords,” Gula says.

So it goes without saying that Quora users should change their passwords. And if they used the same password for another account, they should change that, too. Hackers will often use stolen log-ins and passwords to try to access other accounts.

Tips for Quora Users

Here are some other ways to protect your personal information:

  • Make sure you set a strong password. Long strings of random characters are best. If you’re going to have a tough time remembering it, think about using a password manager.
  • Be on the lookout for suspicious email. If nothing else, breaches like Quora’s give cybercriminals a treasure trove of new email addresses they can target with scam email, Gula says. And just a reminder: Phishing spikes during the holiday season. What looks like a shipping notification or pitch from a charity could actually be an attempt to steal your information or infect your computer with malware.
  • Think about deleting old online accounts. Many people may have set up a Quora account years ago, then forgot about it. While it won’t change anything about the recent data breach, Quora will let you delete your account and all of the information the company has about you. You can also get a download of your Quora data if you want to see exactly what the company has.
  • In the future, think before you hand over personal information. Social media networks such as Facebook and tech behemoths like Google are collecting your information. And you don’t have much say about where it goes and how it’s secured after that. The less personal data you share, the less likely it will be stolen.

You’ve Been Hacked

Have you experienced suspicious activity on your online accounts? On the "Consumer 101" TV show, Consumer Reports expert Thomas Germain explains how to take back control of your digital privacy.

Bree Fowler

Bree Fowler

I write about all things "cyber" and your right to privacy. Before joining Consumer Reports, I spent 16 years reporting for The Associated Press. What I enjoy: cooking and learning to code with my kids. I've lived in the Bronx for more than a decade, but as a proud Michigan native, I will always be a die-hard Detroit Tigers fan no matter how much my family and I get harassed at Yankee Stadium. Follow me on Twitter (@BreeJFowler).