In the wake of Yahoo’s disclosure that a 2013 data breach affected 3 billion subscribers around the world comes this equally terrifying news from Disqus. Disqus, described as a “worldwide blog comment hosting service for websites and online communities that share a networked platform,” is home to hundreds of thousands of users.
The company that offers a web-based comment plugin for blogs and websites recently disclosed that a data breach compromised the details of over 17.5 million subscribers.
The breach was discovered on the evening of 5 October. Independent security researcher Troy Hunt was able to gather the site’s information and in turn notified Disqus. Within 24 hours of finding out about the breach, Disqus informed affected users and urged them to change their passwords.
The hack covered users from 2007, with the most recent of the exposed user information going back to July 2012. The hackers were able to glean the usernames, email addresses, sign-up dates, and last login dates of the affected users.
What makes the breach even more alarming is the fact that hackers got passwords for one-third of the victims, which were hashed with the SHA-1 algorithm. Disqus warns affected users to immediately change their passwords as, while it is unlikely, the data can be decrypted. As IT services experts and those who offer managed IT services in Sydney know, compromised data can spell trouble for victims, particularly if the hackers are able to get their hands on the passwords.
Thankfully, Disqus has improved its security by adopting Bcrypt, a stronger password hashing algorithm. This makes it more difficult for hackers to obtain a user’s actual password, as it goes through a series of encryptions.
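The move from a fast hash to a slow one can be done without forcing every user to reset first; the sketch below is an added example, not Disqus's code, showing stored SHA-1 hashes being wrapped in a slow hash offline and then fully re-hashed at the next successful login. It assumes a hypothetical record layout and salted SHA-1 for the legacy scheme, and uses PBKDF2 from the Python standard library as a stand-in for Bcrypt.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor; stands in for Bcrypt's cost setting

def sha1_legacy(password: str, salt: bytes) -> bytes:
    # Legacy scheme (salted SHA-1 is an assumption): one fast hash per guess.
    return hashlib.sha1(salt + password.encode()).digest()

def slow(data: bytes, salt: bytes) -> bytes:
    # Deliberately expensive, salted derivation.
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def wrap_legacy(record: dict) -> None:
    """Offline step: protect a stored SHA-1 hash without knowing the password."""
    new_salt = os.urandom(16)
    record.update(scheme="wrapped", salt2=new_salt,
                  hash=slow(record["hash"], new_salt))

def verify(record: dict, password: str) -> bool:
    """Check a login against any scheme; move to the final scheme on success."""
    pw = password.encode()
    if record["scheme"] == "sha1":
        candidate = sha1_legacy(password, record["salt"])
    elif record["scheme"] == "wrapped":
        candidate = slow(sha1_legacy(password, record["salt"]), record["salt2"])
    else:  # "slow": the final scheme
        candidate = slow(pw, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])
    if ok and record["scheme"] != "slow":
        # The plain-text password is only available now, so re-hash it directly.
        salt = os.urandom(16)
        record.clear()
        record.update(scheme="slow", salt=salt, hash=slow(pw, salt))
    return ok

def make_legacy_record(password: str) -> dict:
    # Constructed sample record for the demonstration, not real data.
    salt = os.urandom(8)
    return {"scheme": "sha1", "salt": salt, "hash": sha1_legacy(password, salt)}
```

After `wrap_legacy` has run over every row, no bare SHA-1 hash remains in the database, including for accounts that never log in again.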
This, and the recent spate of breach disclosures, put the pressure on those who provide managed IT services, as well as other experts in the IT industry. The sensitive data gleaned from the hacks can lead to social engineering, which will help the hackers get more information from the victims and therefore be in a stronger position to scam them.
As such, everyone is encouraged to be vigilant when using the Internet. Passwords should be unique for every platform and website, so that a leaked password would not result in a compromised online profile across all websites. Furthermore, practice caution when opening attachments or following redirect links in emails, as these can be phishing attempts that would further put you at risk.
About IntelliTeK Pty Ltd
IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007.