Another reason to never read the comments
Disqus has apologised to affected customers and, while it is still working to determine how the breach occurred, it has released a statement saying that "a snapshot of our user database from 2012, including information dating back to 2007, was exposed. The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5 million users. Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included."
The breach came to light after data breach guru Troy Hunt (who runs the HaveIBeenPwned website) saw the data in the wild. Disqus verified the breach and said the data was genuine.
Users whose passwords were exposed will have them force-reset by Disqus. Only around one third of the leaked user accounts use passwords, as most users sign in via Google or Facebook.
The New Zealand Privacy Commissioner has recently submitted his views on changes to local laws, including mandatory reporting and large fines for companies that lose user data.