Quora says hackers stole up to 100 million users’ data

Quora said it discovered last week that hackers broke into its systems and were able to make off with data on up to 100 million users. That data could have included a user’s name, email address, and an encrypted version of their password. If a user imported data from another social network, like their contacts or demographic information, that could have been taken too.

Some private actions on the site may have been taken as well. That includes requests for answers, downvotes, and direct messages. Content posted anonymously should remain anonymous, however, as Quora says it does not store identifiable information for those posts.

“The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” Quora CEO Adam D’Angelo wrote in a blog post this evening. The company is also sending out emails to affected users.

Quora says it has notified law enforcement and hired a digital forensics firm to investigate what happened. For now, it’s only revealing that a “a malicious third party” was able to gain “unauthorized access to one of our systems” and that it discovered the breach on Friday.

At 100 million users, this is a very substantial breach and one that likely represents a major portion of Quora’s registered users. In 2015, D’Angelo said the site received 200 million unique visitors each month, which likely comes primarily from search traffic.

D’Angelo says Quora is trying to “contain the incident” and prevent another breach from happening. “We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.”

Large scale data breaches have been an unfortunately common occurrence in the last few years, as huge databases of information built up over years and years gets breached and hackers are able to pull large swathes away at once. Just last week, a Marriott breach leaked personal info on up to 500 million guests; in September, a hacker gathered personal information from up to 29 million Facebook accounts.