Disqus confirms 2012 database breach impacting 17.5 million users

(Flickr/David Zhou/remixed by CyberScoop News)


Written by

Disqus confirmed a 2012 database breach on Friday impacting some data for 17.5 million users and including information dating back to 2007.

“The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5mm users,” Jason Yan, the company’s CTO, wrote in a blog post. “Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included.”

The company, which builds a commenting system for news websites, was notified on Thursday by security researcher Troy Hunt. Hunt runs the data breach notification website Have I Been Pwned.

No plain text passwords were exposed but, as a precaution, all affected users had their passwords reset and Disqus is recommending changing any related password. The company does “not believe that this data is widely distributed or readily available.”


-In this Story-

Disqus, Troy Hunt