Disqus Breach News: Company Confirms 2012 Hack Exposing 17.5 Million User Emails and Other Data
The worldwide blog comment hosting service Disqus has confirmed a security breach that took place in 2012, exposing the information of 17.5 million of its users.
The hack involved a 2012 snapshot of its database, with the most recent records dating from July of that year and the oldest from 2007. The Disqus user names, sign-up dates and last login dates of the affected users were all exposed in plain text.
The passwords of about one-third of those users were also exposed, although they had been "hashed using SHA1 with a salt." However, Disqus says it has found no evidence of unauthorized logins using the stolen information.
In an official statement, the company apologized for the issue and promised to get to the bottom of the hack:
We sincerely apologize to all of our users who were affected by this breach. Our intention is to be as transparent as possible about what happened, when we found out, what the potential consequences may be, and what we are doing about it.
Disqus says that while no plain text passwords were compromised, the hashed passwords could still be cracked, so users are advised to reset their passwords.
Since email addresses were also exposed, Disqus warns that users may receive, or may already have received, spam or unwanted email. The company will contact those whose accounts were affected.
Disqus says the stolen data has not been "widely distributed or readily available" and that it is doing its best to keep it that way:
We've taken action to protect the accounts that were included in the data snapshot. Right now, we don't believe there is any threat to user accounts. Since 2012, as part of normal security enhancements, we've made significant upgrades to our database and encryption in order to prevent breaches and increase password security. Specifically, at the end of 2012 we changed our password hashing algorithm from SHA1 to bcrypt.
Disqus promises to provide more information as its team continues its investigation into the hack.
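The defensive pattern behind the "SHA1 to bcrypt" change and the forced resets, as an added example that is not Disqus's code: verify a legacy salted SHA-1 record, transparently re-hash it to a slow scheme on a successful login, and list the accounts that were never upgraded and therefore need a forced reset. The record format, PBKDF2 standing in for bcrypt (Python's standard library has no bcrypt) and all sample values are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed record format: "scheme$salt_hex$digest_hex".
LEGACY = "sha1"      # salted SHA-1, the scheme in the 2012 snapshot
CURRENT = "pbkdf2"   # stand-in for bcrypt: a deliberately slow KDF
PBKDF2_ROUNDS = 200_000

def legacy_hash(password: str, salt: bytes) -> str:
    # A single SHA-1 over salt+password is cheap to compute, so a leaked
    # record is cheap to guess against; the salt only defeats shared tables.
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"{LEGACY}${salt.hex()}${digest}"

def current_hash(password: str, salt: Optional[bytes] = None) -> str:
    # Slow, per-record-salted KDF: each guess costs PBKDF2_ROUNDS hashes.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()
    return f"{CURRENT}${salt.hex()}${digest}"

def verify(password: str, record: str) -> bool:
    parts = record.split("$")
    if len(parts) != 3:
        return False          # malformed record never verifies
    scheme, salt_hex, _ = parts
    salt = bytes.fromhex(salt_hex)
    if scheme == LEGACY:
        candidate = legacy_hash(password, salt)
    elif scheme == CURRENT:
        candidate = current_hash(password, salt)
    else:
        return False
    return hmac.compare_digest(candidate, record)

def login(password: str, record: str) -> Tuple[bool, str]:
    """Verify; on success, upgrade a legacy record to the current scheme."""
    if not verify(password, record):
        return False, record
    if record.startswith(LEGACY + "$"):
        return True, current_hash(password)   # re-hash while we have the plaintext
    return True, record

def legacy_accounts(users: Dict[str, str]) -> List[str]:
    """Accounts still on salted SHA-1: the ones to force-reset after a leak."""
    return sorted(u for u, rec in users.items() if rec.startswith(LEGACY + "$"))
```

Users who never log in after the migration keep their SHA-1 records, which is why a breach of an old snapshot still requires a password reset for them.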