
Disqus discovers hack of 17.5m user details after five years

The company said it was alerted to the incident by security researcher Troy Hunt late last week and chose to alert users as soon as it had determined the leaked data was genuine.

Many Disqus user accounts don't include passwords because users sign in via third-party accounts from Google, Facebook or elsewhere. For a third of Disqus users, salted passwords hashed with the crackable SHA-1 algorithm were also leaked. Disqus stated that it will communicate with affected users via email in more detail about the breach and what they can do to protect themselves.

"We sincerely apologise to all of our users who were affected by this breach".

Friday, October 6, 2017, before 4:00PM PDT, we published this public disclosure of the incident.

Right now there isn't any evidence of unauthorized logins occurring in relation to this.

"At this time, we do not believe that this data is widely distributed or readily available", Yan said.

New breach: Disqus had a data breach in 2012 which exposed 17.5M accounts. Engadget believes it is possible the attackers have cracked the password hashes by now.

According to Hunt, the company was able to assess the breached data, establish a timeline of events, reset the passwords of affected users, draft a transparent announcement, and speak openly to the press regarding the matter, all within a day of first being notified of the data theft.

He said the email addresses were in plain text, and hence affected users could receive spam or unwanted emails.

As a precautionary measure, we are forcing the reset of passwords for all affected users. We are contacting all of the users whose information was included to inform them of the situation.

Disqus said it wasn't aware of unauthorised users having logged into Disqus accounts as a result of the incident. Since 2012, as part of normal security enhancements, we've made significant upgrades to our database and encryption in order to prevent breaches and increase password security.

The software maker, which produces reader comment boards for blogs and newspapers everywhere, admitted at 4pm Pacific Time, Friday, that a network intruder was able to grab a copy of a database snapshot from 2012 - which contained almost 18 million account records, from email addresses to, in about a third of them, SHA1-hashed passwords.

Our team is still actively investigating this issue, but we wanted to share all relevant information as soon as possible. Your trust in Disqus is important to us and we're working hard to maintain that.

The company created a blog post which explained the data breach to users less than 24 hours after Hunt notified them.


