Published On: Sat, Oct 7th, 2017

No Friday Night Without Drama! Disqus Gets Hacked, Exposing 17.5 Million Users

Disqus, a “number one blog criticism hosting use for websites and online communities” (highly doubtful a readers would need this detail) was apparently breached by hackers behind in 2012. The association has usually rescued this crack now and has reliable it in an central announcement. While it might have remained preoccupied to this crack for over half a decade, to a credit a association investigated and reliable a crack in reduction than a day after it was notified.

“Yesterday, on Oct 5th, we were alerted to a confidence crack that impacted a database from 2012,” a association pronounced in a announcement post today. “While we are still questioning a incident, we trust that it is best to share what we know now.”

marissa-mayer-yahoo-dataRelated 32 Million Yahoo Accounts Affected in Yet Another Breach – Mayer Won’t Receive Her Cash Bonus

The association has suggested that a “snapshot” of a user database that carried information dating behind to 2007 was stolen by different attackers. This information includes email addresses, Disqus user names, sign-up dates, and final login dates in plain content for 17.5 million users. Around one third of these influenced users might have also mislaid their passwords hashed regulating SHA1 to a hackers.

Disqus says it hasn’t found any justification of unapproved logins

While it has usually been a day, a association says so distant it hasn’t found any justification that a information was used for unapproved access. “Email addresses are in plain content here, so it’s probable that influenced users might accept spam or neglected emails,” a association added.

Disqus was told about this crack by famous confidence researcher, Troy Hunt, who found a duplicate of a stolen information and sensitive Disqus on October, 5. Hunt tweeted that it took a association reduction than 24 hours to respond to a crack and divulge it publicly (ahem SEC, Equifax…).

The association combined in a crack avowal that it had switched password hashing algorithm from SHA1 to bcrypt after in 2012.

Disqus is one of a web’s largest providers of hosted contention systems. While it says so distant no unapproved entrance has been detected, a association has started forcing influenced users to reset their passwords. “We are contacting all of a users whose information was enclosed to surprise them of a situation,” it said, earnest to keep a users updated with some-more information if anything new surfaces. “Your trust in Disqus is critical to us and we’re operative tough to say that.”

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>