Advertisement

Disqus confirms 2012 database breach impacting 17.5 million users

The snapshot includes email addresses, user names, sign-up dates, and last login dates in plain text for 17.5 million users.
(Flickr/David Zhou/remixed by CyberScoop News)

Disqus confirmed a 2012 database breach on Friday impacting some data for 17.5 million users and including information dating back to 2007.

“The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5mm users,” Jason Yan, the company’s CTO, wrote in a blog post. “Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included.”

The company, which builds a commenting system for news websites, was notified on Thursday by security researcher Troy Hunt. Hunt runs the data breach notification website Have I Been Pwned.

No plain text passwords were exposed but, as a precaution, all affected users had their passwords reset and Disqus is recommending changing any related password. The company does “not believe that this data is widely distributed or readily available.”

Advertisement

 

Patrick Howell O'Neill

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.

Latest Podcasts