Again we are facing another case of security breach, this time suffered by a major technology firm, and it seems that this is something increasingly common. As we are going to talk about the massive hacking suffered by Disqus, the company that provides the popular plugin of comments to websites and blogs.
Disqus Hacked: More Than 17.5 Million Users’ Details Stolen
Again we are facing another case of security breach, suffered by a major technology firm, and it seems that this is something increasingly common, all this despite the measures taken in this regard.
In this case, we are going to talk about the massive hacking suffered by Disqus, the company that provides the popular plugin of comments to websites and blogs. Well, they just found out and therefore have publicly admitted that their system was violated about 5 years ago, in July 2012, when hackers stole details of more than 17.5 million users of the platform. These data include e-mail addresses, usernames, registration dates, etc.
In addition to all this, the cyberattacks obtained the passwords of the affected users, keys that were processed using the weak SHA-1 algorithm. According to Disqus, the company learned about this Thursday, October 5, after an independent security researcher, Troy Hunt, obtained a copy of the hacked information, something of which notified the company immediately. Thus in about 24 hours, Disqus has revealed the data breach and has begun contacting affected users forcing them to reset their passwords as soon as possible.
Disqus was hacked by exposing more than 17 million credentials
Although plain text passwords were not exposed, it is possible to decrypt these data, so as a precautionary measure, the signature is resetting the passwords of all users who were affected, so they also recommend that all service change the passwords of other platforms if they are the same, something very habitual, as it affirms Jason Yan of Disqus.
It should be noted that since the end of 2012 Disqus has made certain updates to improve its security and has changed its password encryption algorithm to Bcrypt, a much stronger algorithm that makes it difficult to obtain the password of the user by hackers.
In the same way, important updates have been made to the database and encryption, all to avoid breaches and increase the security of the access keys, without knowing that they had already been violated.
Therefore, as we have said, in addition, to reset the password for Disqus, also advised changing the password in other services online where we use the same credentials, as it is possible that attackers use this stolen information along with other social engineering techniques to obtain more information about victims.
So, what do you think about this? SImply share your views and thoughts in the comment section below.