Disqus data breach

What Happened

Around July 2012, Disqus, a popular blog commenting platform, suffered a data breach in which hackers stole a database snapshot. The snapshot exposed details for approximately 17.5 million users dating back to 2007: email addresses, usernames, sign-up dates, and last login dates in plain text, plus salted SHA-1 password hashes for about one-third of accounts. The breach remained undetected until October 5, 2017, when security researcher Troy Hunt obtained the data and notified Disqus. The company confirmed the breach within 24 hours, notified affected users, reset passwords for the users included, and disclosed the incident publicly. Disqus reported no evidence of unauthorized access or abuse resulting from the stolen data, noted that it had upgraded to bcrypt hashing by late 2012, and warned users of potential spam or phishing risks due to the exposed email addresses. The exact breach method was never publicly detailed.

Compromised Assets

  • email
  • password
