Reading:
Disqus reveals data breach from half a decade ago
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Half a decade late, blog comment company Disqus has reportedly admitted a data breach that saw email addresses and passwords stolen from 17.5 million users.
Disqus, a global company that provides websites like blogs with an extension so users can leave comments on posts, was hit by hackers. The hackers reportedly managed to steal information dated back to 2007, which included usernames with associated email addresses, sign-up dates, lost login dates and hashed passwords.
The major delay in disclosing the data breach apparently lies in the company’s lack of security alerting systems to notify managers in the event of a breach. They reportedly didn’t know about the breach until owner of HaveIBeenPwned.com, Troy Hunt, received a copy of the site’s confidential information and alerted Disqus about the breach
According to Disqus, as soon as they were told about the breach, they wasted no time in disclosing the breach to the authorities and started contacting users and pushed affected account holders to reset their passwords; all within 24 hours. But this, swift response, post-realisation of the breach, is of course dwarfed by the five-year period the breach was hidden from the company…
At the time of the breach, the service was used by Engadget, a gaming and entertainment online magazine where editors would publish blogs on recent developments and reviews of gadgets and services, like iPhones and gaming consoles.
During the five years between the breach occurring and Disqus being told about it, cybercriminals may have already utilised stolen data for criminal activity, including using the username, email and password combo to try and unlock other accounts where goods and services could be purchased.
Although passwords were at least hashed, the SHA1 form of cyber protection may have been decrypted by cyber hackers. Disqus’ lack of cybersecurity to prevent a breach and also to detect unauthorised access and use of their data will likely have violated data protection laws.
The Data Protection Act and its Principles imposes obligations on all organisations to ensure any personal and private information held is safe and secure.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
