Disqus Comment Broker Suffers Data Breach

Disqus, recommended by Ghost and used by many, including this blog, hacked

Disqus, a provider of comment features for many blogs, including this one, has announced a hack.

Information on people who used Disqus between 2007 and 2012 is at risk.

Information compromised includes:

• email addresses

• Disqus user names

• sign-up dates

• last login dates for 17.5mm users

  Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included.

Thankfully, my blog wasn't yet up at that time, but it's little comfort to those whose information was exposed.

From their blog post (above):

Potential Impact For Users:

 As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared.

 Email addresses are in plain text here, so it’s possible that affected users may receive spam or unwanted emails.

 At this time, we do not believe that this data is widely distributed or readily available. We can also confirm that the most recent data that was exposed is from July, 2012.

Thanks to Troy Hunt of HaveIBeenPwned for letting Disqus know about the breach!

See my previous article about using HaveIBeenPwned to see if your account has been compromised here.