Information leakage on Disqus affects 17.5 million users

Posted date 11/10/2017

Disqus, the company dedicated to providing commentary services to websites and blogs, suffered a cyber-attack in which the e-mail addresses, user names, registration dates and last connections of 17.5 million users were subtracted. The incident, unknown so far, took place in July 2012 and was discovered by a security resercher, who informed the company. Disqus confirmed the leakage the day after receiving the data provided by the investigator after verifying the information. According to the information provided by the company, the users who have been affected are those registered between 2007 and 2012.

In addition to the stolen information, the attackers were able to acquire the passwords of one-third of the affected users because they were stored on the server with the SHA-1 encryption algorithm. Despite no evidence of unauthorized access related to the leak, Disqus has changed the passwords of affected users and claims to continue investigating the incident.