Disqus discovers hack of 17.5m user details after five years

The company said it was alerted to the incident by security researcher Troy Hunt late last week and chose to alert users as soon as it had determined the leaked data was genuine.

Many Disqus user accounts don't include passwords because users sign in via third-party accounts from Google, Facebook or elsewhere. Salted passwords hashed with the crackable SHA-1 algorithm for a third of Disqus users were also leaked. Disqus stated that they will communicate to affected users via email in more detail about the breach and what they can do to protect themselves.

"We sincerely apologise to all of our users who were affected by this breach".

Friday, October 6, 2017, before 4:00PM PDT, we published this public disclosure of the incident.

Right now there isn't any evidence of unauthorized logins occurring in relation to this.

"At this time, we do not believe that this data is widely distributed or readily available", Yan said.

New breach: Disqus had a data breach in 2012 which exposed 17.5M accounts. Engadget believes it is possible the attackers decrypted the passwords by now.

According to Hunt, the company was able to assess the breached data, establish a timeline of events, reset the passwords of affected users, draft a transparent announcement, and speak openly to the press regarding the matter, all within a day of first being notified of the data theft.

He said the email addresses were in plain text, and hence affected users could receive spam or unwanted emails.

As a precautionary measure, we are forcing the reset of passwords for all affected users. We are contacting all of the users whose information was included to inform them of the situation.

Disqus said it wasn't aware of unauthorised users having logged into Disqus accounts as a result of the incident. Since 2012, as part of normal security enhancements, we've made significant upgrades to our database and encryption in order to prevent breaches and increase password security.

The software maker, which produces reader comment boards for blogs and newspapers everywhere, admitted at 4pm Pacific Time, Friday, that a network intruder was able to grab a copy of a database snapshot from 2012 - which contained almost 18 million account records, from email addresses to, in about a third of them, SHA1-hashed passwords.

Our team is still actively investigating this issue, but we wanted to share all relevant information as soon as possible. Your trust in Disqus is important to us and we're working hard to maintain that.

The company created a blog post which explained the data breach to users less than 24 hours after Hunt notified them.
