It’s barely been a week since Yahoo acknowledged that every single one of its user’s accounts was breached in 2013 and we’ve received word that yet another popular platform has suffered a serious data breach.
Disqus, a comment plug-in that’s very popular online and used by Firstpost and Tech2 in the past, has reported a data breach involving around 17.5 million user accounts. According to a blog post by the company, the breach was reported on 5 October by Troy Hunt of Have I Been Pwned fame. Hunt reported that he had access to a copy of user data from the site.
According to Disqus, the leaked information is a database snapshot from 2012. This snapshot includes email addresses, user names, last login dates and sign-up dates for 17.5 million users. This data was stored in plain text and easily readable by anyone. Passwords belonging to about 30 percent of the accounts were also leaked, but Disqus notes that these were encrypted and salted (an even more secure method of encrypting data).
Offering its apologies for the breach, Disqus has outlined the steps it has taken since the notification from Hunt. The passwords are unlikely to have been cracked, and Disqus reports that it has found no evidence that accounts were fraudulently accessed. To be on the safe side, however, Disqus has reset the passwords for the affected accounts. The company notes that it is possible that users whose email IDs were leaked will receive spam email. The database snapshot doesn’t appear to contain any data from July 2012 onwards.
Via its blog, Disqus has stated that it doesn’t believe the breach to have had any impact given the updates the company has made to the platform since 2012.