Richard Lawler reports:
Another day, another security breach (and another, and another…). This time it’s Disqus, which is revealing that in 2012 — around the time when Engadget used Disqus for comments — hackers made off with some of its data, covering a snapshot of usernames and associated email addresses dating back to 2007, as well as “sign-up dates, and last login dates in plain text for 17.5mm users.” More distressing is news that it also coughed up passwords for a third of those accounts, which were in hashed (SHA1) form but it’s possible the attackers could have decrypted them.
Read more on Engadget.