Popular online commenting plugin for websites and blogs, Disqus, has admitted that it suffered a data breach 5 years ago in which more than 17.5 million amount of data were stolen by the hackers.
Disqus explained that users data stolen during the breach which took place in July 2012, included usernames, email addresses, sign-up dates and last login dates in plain text.
The hackers were able to lay their hands on one third of the affected users whose passwords were hashed using the weak SHA-1 algorithm.
Disqus became aware of the breach on on October 5 after an independent researcher named Troy Hunt, notified the company of the breach. Disqus quickly notified its users, forcing them to reset their passwords.
Disqus CTO Jason Yan explained in a blog post that "No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reste the passwords for affected users. We recommend that all users change passwords on other services if they are shared."
The company said that the hack dates back to 2007, although major security upgrades were made in 2012 such as the password hashing algorithm which was changed to Bcrypt which is a stronger cryptographic algorithm.
Disqus is currently investigating how the hackers managed to get their hands on their data. though the company warns that users are vulnerable to all kinds of phishing scams, malicious and spam messages.
0 comments:
Post a Comment