Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Disqus Confirms 2012 Data Breach That Exposed Details for 17.5 Million Users
#1
Quote:Earlier today, on a late Friday evening, Disqus confirmed a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts.

The company found out about the breach from Aussie security researcher Troy Hunt, who come into the possession of a copy of the stolen data and informed Disqus yesterday afternoon.

According to one of Hunt's tweets, it took Disqus 23 hours and 42 minutes to investigate the data and confirm the breach.

Incident took place in July 2012
Disqus, the web's larger provider of hosted commenting systems, has already started notifying users included in the data provided by Hunt.

According to the company, hackers stole email addresses, Disqus usernames, sign-up dates, and last login dates in plain text. SHA-1 hashed passwords were only included for about a third of the 17.5 million details.

Disqus says the last entry in the exposed data is from July 2012, a good indicator of when the security breach took place.

This means hackers made off with details for Disqus users who signed up between 2007, when the company was founded, and July 2012.

Company has already reset passwords
"Right now, we don’t believe there is any threats to a user account," Disqus said in a security alert. "Since 2012, as part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security."

Disqus also said that at the end of 2012, it switched the password hashing algorithm from SHA1 to bcrypt.

The age of the breach and the fact that the passwords were hashed with SHA-1 protected most of the compromised accounts. Disqus said it found no evidence of unauthorized logins in relation to the breach.

Nonetheless, even if the danger is low, the company has reset passwords for all affected users. Disqus also said it is still investigating the incident. More details are likely to surface in the coming weeks.

Source:

HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hackers Breach University of Manchester; School Says Attackers Likely Copied Data mrtrout 0 539 06-12-2023 , 10:39 PM
Last Post: mrtrout
  Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam mrtrout 2 1,009 05-29-2023 , 03:41 PM
Last Post: Kai Brooks
  TikTok denies security breach after hackers leak user data, source code tarekma7 0 1,878 09-06-2022 , 10:19 AM
Last Post: tarekma7
  Hacker group claims to steal 3 million users’ data from Israeli hiking websites mrtrout 0 997 01-22-2022 , 11:03 PM
Last Post: mrtrout
  Volvo Cars discloses security breach leading to R&D data theft mrtrout 0 669 12-11-2021 , 12:25 AM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)