Disqus reveals it suffered a security breach in 2012_Science & Military_Asia Pacific Daily

Disqus reveals it suffered a security breach in 2012

Science & Military, 2017-10-07

Another day, another security breach (and another, and another...). This time it's Disqus, which is revealing that in 2012 -- around the time when Engadget used Disqus for comments -- hackers made off with some of its data, covering a snapshot of usernames and associated email addresses dating back to 2007, as well as "sign-up dates, and last login dates in plain text for 17.5mm users." More distressing is the news that it also coughed up passwords for a third of those accounts, which were in hashed (SHA-1) form, but it's possible the attackers could have cracked them.

According to Disqus, it learned of the leak Thursday evening after Troy Hunt of Have I Been Pwned obtained a copy of the site's information and informed the company.

Within about 24 hours, it disclosed the breach, started to contact users and forced password resets for affected accounts.

Within the last day, Hunt has also added databases for breaches from Bit.ly and Kickstarter to his site, and he says he has three more to go.

HIBP is a free service that collects the databases of account information stolen by hackers and will let you know if your information is among those affected -- signing up is probably a good idea.

If you have an account with one of the services that have been pwned, then besides needing to reset your password there, you could have a problem if a password is shared across accounts on other websites.

If you've reused a password elsewhere, then it's time to change it everywhere, which is why using a password manager (like LastPass or 1Password) to create and manage unique passwords is a good idea, as is enabling two-factor authentication wherever you can.

(ENGADGET)
