Disqus hacked!

Disqus hacked!So, Disqus has been hacked. Yeah, it is what we at BetaNews -- plus many other websites -- use for commenting. Should you be worried? Probably not. You see, this hack happened all the way back in July of 2012. If you joined Disqus after that, you have nothing to worry about. Even if you are using the same login credentials from 5+ years ago, the hackers have only obtained hashed passwords. In other words, they probably haven't decrypted your password.

But OK, even though it is unlikely that your password has been exposed, Disqus is forcing a password reset for all impacted users. Heck, even if you signed up after the hack, it can't hurt to manually change your password, y'all. After all, Disqus didn't even discover the hack on its own, which is worrying. The company was alerted to the breach by the great security researcher Troy Hunt, who found the database floating around the dark web. If you aren't familiar with Hunt, he maintains the excellent haveibeenpwned.com.

"Yesterday, on October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now. We know that a snapshot of our user database from 2012, including information dating back to 2007, was exposed. The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5mm users. Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included," says Jason Yan, Founder, Disqus.

Yan also says, "As a precautionary measure, we are forcing the reset of passwords for all affected users. We are contacting all of the users whose information was included to inform them of the situation. We’ve taken action to protect the accounts that were included in the data snapshot. Right now, we don’t believe there is any threat to a user accounts. Since 2012, as part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security. Specifically, at the end of 2012 we changed our password hashing algorithm from SHA1 to bcrypt."

New breach: Disqus had a data breach in 2012 which exposed 17.5M accounts. 71% were already in @haveibeenpwned https://t.co/LGaAnj1hUA

— Have I been pwned? (@haveibeenpwned) October 6, 2017

While Disqus is forcing a password reset for its service, remember, you may still be at risk if you reuse passwords. True, reusing passwords is bad practice, but many people do it. If this is you, be sure to change your password on any other website that uses the same one as your Disqus account.

Are you concerned about this hack? Have you been forced to change your password? Tell me in the comments below.

Source: Betanews

Tags: break, Internet, security

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

With the head of Samsung Group facing prison time, CEO calls for company to "start anew"
Is there a way to turn off the iPhone or iPad that doesn't require a button?
Users will be warned that the app is still in development and will be unstable
Quick test proves fast charging isn’t as fast as promised
Bitcoin shrugs off Chinese regulations and bubble chatter to smash a new record
Microsoft moves the controls to the Settings app
The Exynos-powered Note8 are capable of capturing videos at 60fps, not just 30fps, but the software on them doesn't allow it
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (4)