Disqus Hacked: To A Greater Extent Than Than 17.5 1 One M Thousand Users' Details Stolen Inward 2012 Breach

Another day, Another information breach disclosure.

This fourth dimension the pop commenting organisation has fallen victim to a massive safety breach.

Disqus, the companionship which provides a web-based comment plugin for websites in addition to blogs, has admitted that it was breached five years agone inwards July 2012 in addition to hackers stole details of to a greater extent than than 17.5 1000000 users.

The stolen information includes e-mail addresses, usernames, sign-up dates, in addition to final login dates inwards plainly text for all 17.5 1000000 users.

What's more? Hackers every bit good got their hands on passwords for nigh one-third of the affected users, which were salted in addition to hashed using the weak SHA-1 algorithm.

The companionship said the exposed user information dates dorsum to 2007 alongside the most latterly exposed from July 2012.

According to Disqus, the companionship became aware of the breach Th (5th October) level afterward an independent safety researcher Troy Hunt, who obtained a re-create of the site's information, notified the company.

Within nigh 24 hours, Disqus disclosed the information breach in addition to started contacting its affected users, forcing them to reset their passwords every bit before long every bit possible.

"No plainly text passwords were exposed, only it is possible for this information to endure decrypted (even if unlikely). As a safety precaution, nosotros convey reset the passwords for all affected users. We recommend that all users modify passwords on other services if they are shared," Disqus' CTO Jason Yan said inwards a blog post.

However, since belatedly 2012 Disqus has made other upgrades to meliorate its safety in addition to changed its password hashing algorithm to Bcrypt—a much stronger cryptographic algorithm which makes it hard for hackers to obtain user's actual password.

"Since 2012, every bit business office of normal safety enhancements, nosotros convey made meaning upgrades to our database in addition to encryption to forestall breaches in addition to increase password security, Yan said. "Specifically, at the terminate of 2012, nosotros changed our password hashing algorithm from SHA1 to bcrypt."

In add-on to resetting your password, you lot are every bit good advised to modify your passwords on other online services in addition to platforms every bit well, if you lot portion the same credentials.

It is most probable that hackers could purpose this stolen information inwards tandem alongside social technology scientific discipline techniques to gain farther information on victims. So, you lot are advised to beware of spam in addition to phishing emails carrying malicious file attachments.

It is even in addition to then unclear how hackers larn hands-on Disqus data. San Francisco-based Disqus is even in addition to then actively investigating this safety incident.

We volition update you lot every bit before long every bit to a greater extent than details surface.

This is yet roughly other embarrassing breach disclosed recently, afterward Equifax’s disclosure of a breach of potentially 145.5 1000000 the States customers, States Securities in addition to Exchange Commission (SEC) disclosure of a breach that profited hackers, in addition to recent Yahoo’s disclosure that 2013 information breach affected all of its iii Billion users.

Share This :