Everything is digital these days, from newspapers and magazines to communications and the like. Be it an article on gun control or a celeb scandal, we tend to share our views and engage in online discussions. But we know little about the service that enables us to have those discussions on forums, blogs and websites.
Disqus is a web commenting system that allows you to voice your opinions. In case you’re wondering why this is relevant all of a sudden, let’s get right to it.
The company, which builds a web-based comment plugin for news websites and blogs, revealed on Friday a massive security breach in July 2012 that allowed hackers to steal more than 17.5 million email addresses (17,551,044 to be precise). The hacked data includes email addresses, sign-up dates, Disqus user names, last login dates in plain text, and hashed (SHA1) passwords for about one-third of the total user base.
The security breach came to light this week after the database was sent to Troy Hunt, who runs the data breach notification service Have I Been Pwned. Hunt informed Disqus of the data theft, following which the company quickly addressed the matter.
“In the space of less than 24 hours after first learning of the breach, Disqus has managed to assess the breach data, establish a timeline of events, reset passwords on impacted accounts, craft a very transparent announcement and liaise candidly with the press,” Hunt said of the swift response by Disqus on the breach, ZDNet reported.
According to the company’s official blog, all affected users will be emailed about the breach and their passwords will be force-reset. Many accounts using the Disqus service don’t have passwords because they used Facebook or Google to sign in to the commenting tool. The threat assessment on such third-party logins is unclear at the moment.
However, Disqus is asking users to change their passwords on other services where the same password is shared. The data breach includes information dating back to 2007, but the company has since improved the security of its platform extensively.
“We’ve taken action to protect the accounts that were included in the data snapshot. Right now, we don’t believe there is any threat to user accounts. Since 2012, as part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security. Specifically, at the end of 2012 we changed our password hashing algorithm from SHA1 to bcrypt,” the company said on Friday.
With this breach revelation, Disqus joins the growing list of companies, such as LinkedIn, Yahoo, MySpace, HBO, Spotify and others, that have been affected by similar cyber attacks.