Back to Radar
DI

Disqus

High

The 2012 Disqus breach exposed over 17.5 million email addresses, usernames, and salted password hashes.

Records exposed
17,551,044 records
Breach date
Breach Jul 1, 2012
Last update
Updated Oct 6, 2017
Source

What data was exposed?

Fields reported as compromised in this breach record.

Email addressesPasswordsUsernames

Why does this breach matter?

In-depth analysis of the breach and its implications.

In July 2012, Disqus, a blog commenting service, experienced a security breach that was identified years later in October 2017. The breach compromised over 17.5 million records, exposing email addresses, usernames, and encrypted passwords (hashed using salted SHA1). Users logging in via social providers had only references to their accounts stored instead of additional credentials.

Impact Analysis

Understanding the scope and consequences of this breach.

User Impact
Users may experience an increased risk of targeted phishing attempts or account compromise if similar credentials are reused.
Business Impact
Disqus faced reputational harm and the challenge of implementing stronger security measures.
Affected Sectors
  • Online Service Providers
  • Technology
Geographic Impact
  • Global

What You Should Do

Recommended actions to take in response to this breach.

If You Were Affected

  • Change your password for Disqus and other services where the same password was used.
  • Monitor accounts for suspicious activity.
  • Consider enabling multi-factor authentication on services where possible.

Preventive Measures

  • Use strong, unique passwords for every service.
  • Enable multi-factor authentication to enhance account security.
  • Stay vigilant for notifications of data breaches via awareness services like HaveIBeenPwned.

Frequently Asked Questions

Common questions about this breach and what it means for you.

You can visit haveibeenpwned.com and input your email to see if it appears in the breach.