
Disqus discovers hack of 17.5m user details after five years

The company said it was alerted to the incident by security researcher Troy Hunt late last week and chose to alert users as soon as it had determined the leaked data was genuine.

Many Disqus user accounts don't include passwords because users sign in via third-party accounts from Google, Facebook or elsewhere. Salted passwords hashed with the crackable SHA-1 algorithm for a third of Disqus users were also leaked. Disqus stated that it will communicate with affected users via email in more detail about the breach and what they can do to protect themselves.

"We sincerely apologise to all of our users who were affected by this breach".

Friday, October 6, 2017, before 4:00PM PDT, we published this public disclosure of the incident.

Right now there isn't any evidence of unauthorized logins occurring in relation to this.

"At this time, we do not believe that this data is widely distributed or readily available", Yan said.

New breach: Disqus had a data breach in 2012 which exposed 17.5M accounts. Engadget believes it is possible the attackers decrypted the passwords by now.

According to Hunt, the company was able to assess the breached data, establish a timeline of events, reset the passwords of affected users, draft a transparent announcement, and speak openly to the press regarding the matter, all within a day of first being notified of the data theft.

He said the email addresses were in plain text, and hence affected users could receive spam or unwanted emails.

As a precautionary measure, we are forcing the reset of passwords for all affected users. We are contacting all of the users whose information was included to inform them of the situation.

Disqus said it wasn't aware of unauthorised users having logged into Disqus accounts as a result of the incident. Since 2012, as part of normal security enhancements, we've made significant upgrades to our database and encryption in order to prevent breaches and increase password security.

The software maker, which produces reader comment boards for blogs and newspapers everywhere, admitted at 4pm Pacific Time, Friday, that a network intruder was able to grab a copy of a database snapshot from 2012 - which contained almost 18 million account records, from email addresses to, in about a third of them, SHA1-hashed passwords.

Our team is still actively investigating this issue, but we wanted to share all relevant information as soon as possible. Your trust in Disqus is important to us and we're working hard to maintain that.

The company created a blog post which explained the data breach to users less than 24 hours after Hunt notified them.


