
ITP Techblog

Brought to you by IT Professionals NZ

Another reason to never read the comments

Paul Brislen, Editor. 09 October 2017, 7:55 am

Disqus, the seemingly ubiquitous online comments system provider, has announced it has been hacked, with customer data from around 2007 to 2012 appearing online.

Disqus has apologised to affected customers and, while it is still working to determine how the breach occurred, it has released a statement saying that "a snapshot of our user database from 2012, including information dating back to 2007, was exposed. The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5 million users. Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included."

The breach came to light after data breach guru Troy Hunt (who runs the HaveIBeenPwned website) saw the data in the wild. Disqus verified the breach and said the data was genuine.

Users whose passwords were exposed will have them force-reset by Disqus. Only around one third of those leaked user accounts use passwords, as most sign in via Google or Facebook.

The New Zealand Privacy Commissioner has recently submitted his views on changes to local laws, including mandatory reporting and large fines for companies that lose user data.

 

