Question-and-answer website Quora has been hacked, with the names and email addresses of 100 million users compromised.
The breach also included encrypted passwords, and questions people had asked.
In a statement, Quora said the situation had been “contained”.
Last week, hotel chain Marriott admitted that personal information on up to 500 million guests had been stolen.
Quora released a security update in a question-and-answer format.
“We recently became aware that some user data was compromised due to unauthorised access to our systems by a malicious third party,” it began.
“We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials.”
It said it was also in the process of notifying all affected customers and reassured them that it was “highly unlikely” that the incident would lead to identity theft “as we do not collect sensitive information like credit card or social security numbers”.
Security expert Troy Hunt was one of those affected. He tweeted: “Short of not using online services at all, there’s simply nothing you can do to ‘not’ be in a breach, there’s only things you can do to minimise the impact when it inevitably happens.”
Users were asked to reset their password and will be prompted to do so when they next try to log in. Those wishing to delete their account can do so in the settings section and the deactivation will happen immediately.
Some users commented on Twitter that they had forgotten they used the service.
One tweeted: “Nothing like a data breach to remind me that I have a Quora account.”