Quora discovered the breach on November 30 and while not sharing the nature of the attack itself they have identified the root of the problem and they are addressing the issue. The leaked information includes – Account information (name, email address, encrypted password, data imports from linked networks); Public content and activity (e.g. questions and answers); Non-public content and activity (e.g. direct messages or answer requests).
Quora has since logged out all affected users, invalidated their passwords and sent them emails explaining the issue. They urged users to change their password on signing in and to change it on other platforms they might have used it on. Affected users should pay attention to emails that they receive. Name and email address may be used to create phishing emails or other types of unwanted emails. You can find out if your email address has been sold here.
The company is positive that the incident is unlikely to result in identity theft, as they don’t collect sensitive information such as credit card or social security numbers.
Quora is currently investigating the incident hiring a forensics and security firm and notifying law enforcement.