Disqus has confirmed a data breach in which information on around 17.5 million users was stolen. The company said that the breach occurred in July 2012 and was discovered by Troy Hunt, a security researcher who informed Disqus by sending them a copy of the stolen data on Thursday afternoon.

Disqus is a worldwide blog comment hosting service for websites and online communities. Hackers stole a 2012 snapshot of the user database, which includes information dating back to 2007.

“The snapshot includes email addresses, Disqus usernames, sign-up dates, and last login dates in plain text for 17.5mm users. Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included,” the company said in a blog post.

Troy Hunt said that it took Disqus 23 hours and 42 minutes to investigate and confirm the data breach. It is still unknown who is behind the breach. The company has already started notifying all affected users.

The company has confirmed that no plain-text passwords were stolen, but as a security precaution it has reset the passwords of all affected users and advised them to change their passwords on other services as well.
Disqus said there is no evidence of any unauthorized login attempts or access, and warns that affected users may receive spam and unwanted email because the stolen data contains email addresses in plain text.

“We’ve taken action to protect the accounts that were included in the data snapshot. Right now, we don’t believe there is any threat to user accounts. Since 2012, as a part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security. Specifically, at the end of 2012, we changed our password hashing algorithm from SHA1 to bcrypt.”

Disqus said that its team is still investigating the data breach. We will provide updates on this issue as we receive more information.