Disqus Confirms Over 17.5 Million Email Addresses Were Stolen In 2012 Hack of Its Comments Tool

Disqus, a company that builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012. "About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers," reports ZDNet. From the report: Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service, like Facebook or Google. The theft was only discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach. The company said in a blog post, posted less than a day after Hunt's private disclosure, that although there was no evidence of unauthorized logins, affected users will be emailed about the breach. Users whose passwords were exposed will have their passwords force-reset. The company warned users who have used their Disqus password on other sites to change the password on those accounts.

Passwords are special. SHA-1 is much too fast

[raymorris]

You are absolutely correct for SHA-1 hashes of random data, of significant length. Passwords, however, are neither random nor long. I'll describe the attack for you and you can try it out yourself. The fact that an ordinary consumer PC can compute SHA-1 password hashes at the rate 10 billion per second is why SHA-1 is no longer appropriate for passwords. Here's how the attack is done:

Download two large lists of passwords, any "combined list" from your favorite haxor site will do. It doesn't matter what sites the passwords are from. If you run a comparison, you'll find that given two lists of a million passwords, about half of the passwords will be on both lists - with different accounts. That is, there is about a 50/50 chance that your password is in the list because somebody else used the same password. You probably know it's not too hard to find lists totaling many millions of passwords (we don't need fresh ones). If we put together a list of 10 million passwords, most of the Disqus passwords will be on our list, because SOMEBODY used the same password (not necessarily the same person).

So we take the first, most common password on our list of previously seen passwords and try it against each of the 17 million hashes from Disqus. Because SHA-1 is so fast, our $100 GPU can check all 17 million hashes in one millisecond. In one second, we can try the top thousand most common passwords. In 24 hours, we can test out 10 MILLION passwords that somebody, somewhere, has used before, and thereby crack perhaps 8 million of the Disqus passwords - which gives us the email addresses to match those passwords.

For passwords, therefore, you need a hash that can't be easily computed at the rate of billions per second with commodity hardware. Bcrypt and scrypt are appropriate choices. To avoid certain problems with particularly long or particularly short passwords, you first take a SHA-2 hash of the password, then scrypt it.*

* In the general case of random data, hashing a hash doesn't add security. Passwords, however are not the general case.