Disqus Security Breach Exposed more than 17 Million Email Addresses

Technology > Security

Photo via Pixabay


Worldwide blog comment hosting service provider Disqus has been alerted of a security breach that affected the database of 2012, exposing at least 17.5 million email addresses. The information dating back to 2007 include usernames, sign-up dates, and last login dates were exposed in the security breach.

“Right now, there isn’t any evidence of unauthorized logins occurring in relation to this. No plain text passwords were exposed, but it is possible for these data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared,” noted Disqus at its official blog site.

Other potential impacts include affected users may receive spam or unwanted emails, and possible distribution of the exposed data. It is unclear how attackers manage to breach the security of the service provider.

“This was a dark moment for Disqus and there’s no sugar-coating the fact that somehow, somewhere, someone on their end screwed up and they lost control of customer data. But look at the public sentiment after their disclosure; because of the way Disqus handled the situation, it’s resoundingly positive,” said Troy Hunt, a security expert who told Disqus about the security breach.

Disqus is still investigating the issue and plans to share any relevant information that may turn up from their investigation.