Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach » KryptosTechnology

This time the popular commenting system has fallen victim to a massive security breach.

Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole details of more than 17.5 million users.

The stolen data includes email addresses, usernames, sign-up dates, and last login dates in plain text for all 17.5 million users.

What’s more? Hackers also got their hands on passwords for about one-third of the affected users, which were salted and hashed using the weak SHA-1 algorithm.




The company said the exposed user information dates back to 2007 with the most recently exposed from July 2012.

According to Disqus, the company became aware of the breach on Thursday (5th October) evening after independent security researcher Troy Hunt, who had obtained a copy of the site’s information, notified the company.

Within about 24 hours, Disqus disclosed the data breach and started contacting its affected users, forcing them to reset their passwords as soon as possible.



“No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared,” Disqus’ CTO Jason Yan said in a blog post.

However, since late 2012 Disqus has made other upgrades to improve its security and changed its password hashing algorithm to bcrypt, a much stronger cryptographic algorithm that makes it difficult for hackers to obtain users’ actual passwords.




“Since 2012, as part of normal security enhancements, we have made significant upgrades to our database and encryption to prevent breaches and increase password security,” Yan said. “Specifically, at the end of 2012, we changed our password hashing algorithm from SHA1 to bcrypt.”

In addition to resetting your password, you are advised to change your passwords on other online services and platforms if you share the same credentials.




It is most likely that hackers could use this stolen information in tandem with social engineering techniques to gain further information on victims. So, you are advised to beware of spam and phishing emails carrying malicious file attachments.

It is still unclear how the hackers got their hands on Disqus data. San Francisco-based Disqus is still actively investigating this security incident.




We will update you as soon as more details surface.