Online question-and-answer website Quora has been impacted by a security incident, with an unauthorised third party gaining access to the data of approximately 100 million users.
Quora is a Q&A platform where you can ask a question and get answers from other users, or answer other user’s questions with your own knowledge. Quora posts quizzes on social media to try and generate more responses and subscribers to the platform. Quora’s Q&A forums might come up in your social feeds, even if you aren’t a Quora user.
Compromised data could include:
- Account information such as your name, email address, password, and user authorised data imported from linked networks like Google and Facebook.
- Public content and actions such as questions, answers, comments and upvotes.
- Non-public content and actions, such as answer requests, downvotes and, in a low percentage of cases, direct messages.
Does it affect me?
Quora is notifying affected users of the incident via email and will provide further updates as they are available.
Many people may not be aware that they have an account, because to access or respond to a Quora forum, you need to log in – either by creating a new account or by linking your Google or Facebook account.
Even if you signed up some time ago or don’t regularly visit or use Quora, your account would still be active and this breach may have exposed some of your information.
Any questions and answers that you have written anonymously are not affected by this breach as Quora does not store the identities of people who post anonymous content.
How do I stay safe?
To check if you have logged into Quora using your Facebook account, go to Settings > Apps and Websites > Logged in with Facebook. From here you will be able to see if you’ve used Quora.
There are a few simple steps you can take to help keep your information safe:
- Change your Quora account password. Go to account settings on the Quora website and click 'Change Password'.
- Use a strong password and don't re-use the same password on other websites.
- Change your password on any accounts where you may have used the same email and password combination.