You can now find Cyber Kendra on Google News!

Disqus Hacked ! 17.5 Million Users Affected

Another day and again with the another data breach. This time Disqus, a web-based commenting platform have came up with the announcement of the data theft. Almost every news site use Disqus for the comment section, which means huge number of users may get affected.

Today, Disqus have announced that their web-based commenting system was hacked in 2012. Disqus have wrote on its blog post that they are investigating the hack incident that impacted a database from 2012. 

"We believe that it is best to share what we know now. We know that a snapshot of our user database from 2012, including information dating back to 2007, was exposed." - Disqus said on post.
There were about 17.5 millions users that were affected by the breach. Users data includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text. About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers.

Company said that some of the users account don't have password, because they signed up to the commenting tool using a third-party service, like Facebook or Google.

Disqus came to know about the system breach after getting a notification from Troy Hunt who runs data breach notification service Have I Been Pwned

Company said, they are force resetting the affected users Passwords, and also communicating to the respective users. Moreover they said - 
"We’ve taken action to protect the accounts that were included in the data snapshot. Right now, we don’t believe there is any threat to a user accounts. Since 2012, as part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security. Specifically, at the end of 2012 we changed our password hashing algorithm from SHA1 to bcrypt."
We also recommend all Disqus users to immediately change there account password even they are using the service after 2012 or now.

Last time in 2014, security researcher had discovered a critical security vulnerability on Disqus WordPress plugin. 

Post a Comment