Disqus reveals data breach from half a decade ago
disqus data breach

Disqus reveals data breach from half a decade ago

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Half a decade late, blog comment company Disqus has reportedly admitted a data breach that saw email addresses and passwords stolen from 17.5 million users.

Disqus, a global company that provides websites like blogs with an extension so users can leave comments on posts, was hit by hackers. The hackers reportedly managed to steal information dated back to 2007, which included usernames with associated email addresses, sign-up dates, lost login dates and hashed passwords.

Breach disclosure delay

The major delay in disclosing the data breach apparently lies in the company’s lack of security alerting systems to notify managers in the event of a breach. They reportedly didn’t know about the breach until owner of, Troy Hunt, received a copy of the site’s confidential information and alerted Disqus about the breach

According to Disqus, as soon as they were told about the breach, they wasted no time in disclosing the breach to the authorities and started contacting users and pushed affected account holders to reset their passwords; all within 24 hours. But this, swift response, post-realisation of the breach, is of course dwarfed by the five-year period the breach was hidden from the company…

Has the damage already been done?

At the time of the breach, the service was used by Engadget, a gaming and entertainment online magazine where editors would publish blogs on recent developments and reviews of gadgets and services, like iPhones and gaming consoles.

During the five years between the breach occurring and Disqus being told about it, cybercriminals may have already utilised stolen data for criminal activity, including using the username, email and password combo to try and unlock other accounts where goods and services could be purchased.

Although passwords were at least hashed, the SHA1 form of cyber protection may have been decrypted by cyber hackers. Disqus’ lack of cybersecurity to prevent a breach and also to detect unauthorised access and use of their data will likely have violated data protection laws.

The Data Protection Act and its Principles imposes obligations on all organisations to ensure any personal and private information held is safe and secure.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon