Disqus is a global blog comment hosting service for websites and online communities that use a networked platform. Disqus’s platform combines several features, such as social integration, social networking, user profiles, spam tools, analytics, email notifications, and mobile commenting.
Disqus has confirmed a data breach that seems to have taken place in the July 2012 (5 years ago), an unknown hacker was able to expose a snapshot of the user’s database from 2012, including data dating back to 2007. The snapshot contains email addresses, Disqus usernames, sign-up dates, and last login dates in plain text for 17.5 million users.
According to Disqus:
“Yesterday, on October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now.”
“No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared,”
The company became aware of the breach from Aussie security researcher Troy Hunt, who come into the possession of a copy of the stolen data and notified Disqus on October 5th.
The team is still actively investigating the breach and will share all relevant information as soon as possible.