Skip to main content

2012 Disqus Hack Exposed More Than 17 Million Users

By October 28, 2017June 21st, 2022Cybersecurity

The hits just keep coming, with Disqus being the latest company to issue a breach disclosure. If you’ve never heard of it, Disqus is an incredibly popular, plugin-based comment service for blogs.

Although the breach was only just discovered, it occurred five years ago in July 2012, and impacted more than 17.5 million users.

Evidence of the breach was initially discovered by an independent security researcher named Troy Hunt. It was then reported to the company and disclosed 24 hours later by Jason Yan, the CTO of the company, who had this to say:

“No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared.”

Mr. Yan’s advice is excellent, but unfortunately, it highlights a persistent, ongoing problem. Far too many people are still in the habit of using the same password across multiple websites, which means that when one site is breached, it potentially gives the hackers access to all your other accounts that have passwords in common.

It should be noted that since the breach, Disqus has made several upgrades to their security, including implementing even more robust encryption than they’d formerly been using. Again, per Mr. Yan:

“Since 2012, as part of normal security enhancements, we have made significant upgrades to our database and encryption to prevent breaches and increase password security. Specifically, at the end of 2012, we changed our password hashing algorithm from SHA1 to bcrypt.”

The problem is solved for now, but the damage has been done. The best thing you can do at this point is change your password immediately, stop using the same password across multiple websites and be on the alert for phishing emails designed to get you to give up even more information.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.