The question-and-answer website Quora says someone gained unauthorized access to one of its systems, compromising the personal data of up to 100 million users, including private messages.
There was no immediate word on how the data breach occurred, but Quora said in a statement on Monday that it was discovered on Friday, when the company found that a “malicious third party” gained unauthorized access to its system.
As a result, information belonging to 100 million users may have been compromised. This includes their name, email address, IP address, encrypted passwords, questions, answers, comments, and upvotes.
It also includes non-public content, such as drafts, answer requests, downvotes, and direct messages between users. Questions and answers that were written anonymously are not affected, according to the statement.
“We’re very sorry for any concern or inconvenience this may cause,” Quora CEO Adam D’Angelo said. He said the company is investigating how the breach occurred and law enforcement officials have been notified.
With up to 100 million users affected, it is among one of the largest cyber security breaches ever reported. Only 10 other data breaches are known to have affected a larger number of people, 2 of them at Yahoo! and one at Marriott International.