HackRead
Disqus Hacked: 17.5 Million Users Affected

October 7th, 2017 | Uzair Amir | Hacking News, Security

Who doesn’t know about Disqus? It is the most commonly used hosted discussion system on news websites and forums. Of course, commenting requires subscribing to the service. So, if you have had an account on Disqus since 2007, you have every reason to worry: the service became the victim of a targeted hack attack in 2012, in which a database from 2007 was hacked.

Until now we had only heard rumors about the hacking of Disqus, while the company remained silent on the issue. Disqus has finally confirmed that its web commenting system was indeed compromised in 2012. The company claims that unauthorized access hasn’t been detected as yet, but as a precautionary measure, users must reset their passwords.

In an official statement, Disqus stated that:

“Yesterday, on October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now. We are contacting all of the users whose information was included to inform them of the situation. Your trust in Disqus is important to us, and we’re working hard to maintain that.”

Reportedly, in the data breach that occurred in July 2012, hackers managed to steal a Disqus database containing 17.5 million email addresses. The breach, however, was investigated only recently by Disqus, and the company is currently performing the mandatory task of alerting users about the data hack.

According to the investigation conducted by Disqus, the database that was hacked had user records from the year 2007, and the attackers are as yet unknown. They have provided a snapshot of the hacked database as well. The information stored in this database included email IDs, usernames, subscription dates and last login dates. All the information was stored in plaintext format.

The passwords were hashed with the unreliable SHA1 algorithm at that time; Disqus switched to bcrypt in 2012. It is therefore believed that about a third of the total 17.5 million affected users might also have lost their passwords. Moreover, these users are now vulnerable to all sorts of phishing scams and spam messages. As the company noted itself:

“Email addresses are in plain text here, so it’s possible that affected users may receive spam or unwanted emails.”
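
For site operators in a similar position, the move away from fast SHA1 hashes and the forced reset of impacted accounts can be handled as in the following added example, which is not Disqus's code. The record layout, the salted SHA1 format and the function names are assumptions, and scrypt from Python's standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# scrypt cost settings chosen for this example, not taken from the article.
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def legacy_sha1(password: str, salt: bytes) -> str:
    """Old scheme: one fast SHA-1 pass over salt + password (assumed layout)."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> str:
    """Replacement scheme: memory-hard scrypt, standing in for bcrypt."""
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT).hex()


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login and rewrite a legacy SHA-1 record as scrypt on success."""
    if record["must_reset"]:
        return False  # exposed account: only the reset flow may set a password
    if record["scheme"] == "sha1":
        expected = legacy_sha1(password, record["salt"])
        if not hmac.compare_digest(expected, record["hash"]):
            return False
        new_salt = os.urandom(16)
        record.update(scheme="scrypt", salt=new_salt,
                      hash=slow_hash(password, new_salt))
        return True
    expected = slow_hash(password, record["salt"])
    return hmac.compare_digest(expected, record["hash"])


def force_reset(accounts: dict, exposed_users: list) -> int:
    """Invalidate stored hashes for accounts found in a leaked snapshot."""
    count = 0
    for user in exposed_users:
        record = accounts.get(user)
        if record is not None and not record["must_reset"]:
            record.update(must_reset=True, hash=None)
            count += 1
    return count
```

Upgrading on login only covers users who come back, which is why accounts present in a leaked snapshot are invalidated outright rather than left waiting for their next login.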

It must be noted that well-known security researcher Troy Hunt (owner of the data breach notification service Have I Been Pwned) informed Disqus about this data hack. Hunt tweeted about his finding after he discovered a copy of the hacked database. He immediately informed Disqus, and within 24 hours the company took the necessary action of conducting an investigation and alerting the affected users, which highly impressed Hunt.

“In the space of less than 24 hours after first learning of the breach, Disqus has managed to assess the breach data, establish a timeline of events, reset passwords on impacted accounts, craft a very transparent announcement and liaise candidly with the press,” noted Hunt.

Hunt further stated that “It’s a gold standard for responding to a security incident and sets a very high bar for others to aspire to in future.”

23 hours and 42 minutes from initial private disclosure to @disqus to public notification and impacted accounts proactively protected pic.twitter.com/lctQEjHhiH

— Troy Hunt (@troyhunt) October 6, 2017

The hacked database represents just 10% of the entire database of Disqus, and most of the accounts in the hacked database didn’t have passwords because users logged in through a third-party service such as Google or Facebook. Therefore, the damage in that sense is not severe.

Disqus is the number one “blog comment hosting service” that is available for websites and online communities and the largest provider of web-based comments plugins on the web. It creates and provides comment plugins for news websites and therefore, it comes as no surprise that cybercriminals tried to attack this popular forum as well.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
