Another day, another data breach disclosure: Disqus, the popular comment system, was hacked.
This time the popular comment system has fallen victim to a major security breach.
Disqus, the company that provides a web comment plugin for websites and blogs, has admitted that it was breached five years ago, in July 2012, and that hackers stole details of more than 17.5 million users.
The stolen data includes email addresses, usernames, registration dates, and last login dates in plain text for all 17.5 million users.
What else? Hackers also got their hands on the passwords of approximately one-third of affected users, which were hashed using the weak SHA-1 algorithm.
The company indicated that the exposed user information dates back to 2007, with the most recent exposure from July 2012.
According to Disqus, the company became aware of the breach on Thursday night (5 October) through independent security researcher Troy Hunt, who had obtained a copy of the site's data.
Within about 24 hours, Disqus disclosed the breach and began contacting affected users, forcing them to reset their passwords as soon as possible.
“No plain-text passwords were exposed, but it is possible for this data to be decrypted (although unlikely). As a precaution, we have reset the passwords of all users,” Disqus said in a blog post.
However, since late 2012 Disqus has made other security improvements and changed its password hashing algorithm to bcrypt, a much stronger hashing algorithm that makes it difficult for hackers to recover users' actual passwords.
“Since 2012, as part of the normal security enhancements, we have made significant improvements in our database and encryption to prevent violations and increase password security,” Yan said. “In particular, by the end of 2012, we changed our password hashing algorithm from SHA1 to bcrypt.”
In addition to resetting your password, we suggest that you also change your passwords on other online services and platforms if you share the same credentials.
It is very likely that hackers can use this stolen information along with social engineering techniques to gain more information about the victims. Therefore, we encourage you to be wary of junk and phishing emails that carry malicious attachments.
It is still unclear how the hackers obtained the Disqus data. Disqus, based in San Francisco, is still actively investigating this security incident.
We will update this story as soon as more details become available.
This is yet another embarrassing breach disclosed recently, following Equifax's disclosure of a breach potentially affecting 145.5 million customers, the United States Securities and Exchange Commission (SEC) disclosure of a breach that aided hackers, and Yahoo's recent disclosure that its 2013 data breach affected its 3 billion users worldwide.