recommended reading

Threatwatch

17.5 Million Disqus Accounts Exposed

Unknown

The commenting platform Disqus on Oct. 6 acknowledged a security breach that potentially affects 17.5 million users.

Disqus Co-founder Jason Yan in an alert said the data appears to come from July 2012 and earlier but includes Disqus usernames, email addresses, sign-up dates and last login dates in plain text. About one-third also include encrypted passwords.

Yan said the company is forcing a password reset for all affected users, though he said the company hasn’t seen evidence of unauthorized logins. Because the email addresses were in plain text, affected users may get spam or otherwise unwanted emails.

Have I Been Pwned? operator and independent security researcher Troy Hunt notified the company Oct. 5 of the potential breach. Disqus verified the data and began notifying users the next day prior to its public disclosure.

“Our team is still actively investigating this issue, but we wanted to share all relevant information as soon as possible. If more information surfaces we will update this post and share any updates directly to users,” Yan wrote.

sector

Web Services

reported

October 9, 2017

reported by

Help Net Security

number affected

17,500,000

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Unknown