The question and answer website Quora says hackers have breached its systems, potentially exposing the personal information of 100 million users.

The company says in a blog post that it discovered the intrusion Friday. The data exposed includes usernames, email, and hashed—or scrambled—passwords. It also could include data from linked networks, such as social media accounts, authorized by individual users.

The data also includes each user's public content, such as questions and answers, along with nonpublic content, such as answer requests and direct messages, though the company says that feature isn’t used by many people. 

More on Security and Privacy

“The overwhelming majority of the content accessed was already public on Quora,” the company says in the blog post. “But the compromise of account and other private information is serious.”

The company says it’s contacting affected users. It has also notified law enforcement and hired a cybersecurity firm to figure how how the breach occurred.

News of the Quora breach comes just days after Marriott announced that systems of its Starwood hotels division had been hacked in 2014, leaving the personal information of up to 500 million guests exposed for four years.

Dunkin' Brands, the parent company of Dunkin' Donuts, also said last week that it had received reports that hackers were trying to access DD Perks accounts with log-ins and passwords stolen from elsewhere. And Dell reported that hackers breached its systems earlier in November, stealing customer names, email, and hashed passwords.

In the case of the Quora breach, the danger to consumers is limited because the company didn’t collect sensitive personal or financial information, such as Social Security or credit card numbers.

The real danger lies in password reuse, says Ron Gula, president and co-founder of Gula Tech Adventures, a cybersecurity investment firm.

“Even though the passwords may have been obscured with a hash, this is not really encryption, and hackers will likely be able to recover the actual passwords,” Gula says.

So it goes without saying that Quora users should change their passwords. And if they used the same password for another account, they should change that, too. Hackers will often use stolen log-ins and passwords to try to access other accounts. 

Tips for Quora Users

Here are some other ways to protect your personal information:

  • Make sure you set a strong password. Long strings of random characters are best. If you’re going to have a tough time remembering it, think about using a password manager.
  • Be on the lookout for suspicious email. If nothing else, breaches like Quora’s give cybercriminals a treasure trove of new email addresses they can target with scam email, Gula says. And just a reminder: Phishing spikes during the holiday season. What looks like a shipping notification or pitch from a charity could actually be an attempt to steal your information or infect your computer with malware.
  • Think about deleting old online accounts. Many people may have set up a Quora account years ago, then forgot about it. While it won’t change anything about the recent data breach, Quora will let you delete your account and all of the information the company has about you. You can also get a download of your Quora data if you want to see exactly what the company has.
  • In the future, think before you hand over personal information. Social media networks such as Facebook and tech behemoths like Google are collecting your information. And you don’t have much say about where it goes and how it’s secured after that. The less personal data you share, the less likely it will be stolen.