Comment hosting and management service Disqus has announced that it suffered a major security breach in 2012 that affected 17.5 million of its users.
An independent security researcher, Troy Hunt, alerted the company to the breach on October 5 this year. The company has confirmed that a snapshot of its database from 2012, which contains information dating back to 2007, was breached.
The exposed data was in plain text and includes email addresses, sign-up dates, Disqus usernames, and last login dates.
“Right now there isn’t any evidence of unauthorized logins occurring in relation to this. No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared,” the company wrote on their blog.
“As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared. At this time, we do not believe that this data is widely distributed or readily available. We can also confirm that the most recent data that was exposed is from July 2012,” it added.
Since the hackers exposed the victims' email addresses in plain text, the company has expressed its fear that the affected users may have received spam emails.