Slashdot Mirror

← Back to Stories (view on slashdot.org)

Disqus Confirms Over 17.5 Million Email Addresses Were Stolen In 2012 Hack of Its Comments Tool (zdnet.com)

Posted by BeauHD on from the security-breach dept.

Disqus, a company that builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012. "About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers," reports ZDNet. From the report: Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service, like Facebook or Google. The theft was only discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach. The company said in a blog post, posted less than a day after Hunt's private disclosure, that although there was no evidence of unauthorized logins, affected users will be emailed about the breach. Users whose passwords were exposed will have their passwords force-reset. The company warned users who have used their Disqus password on other sites to change the password on those accounts.

81 comments

  1. Meh. by Frosty+Piss · · Score: 3, Informative

    I'm really not sure how much I consider an email "breach" all that big a deal. Most people use semi-disposable email anyway, and how is your email address much more secret than your street address? I suppose they could use them in a big data-mining cross-reference deal, but at this point, I'm kind of "so what".

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Meh. by JohnFen · · Score: 4, Informative

      It wouldn't be a big deal, except that people generally have terrible password habits. The main issue here will be people who tend to use the same password in multiple places.

      The risk is if the hashes are cracked (which is doable if someone thinks it's worth the effort). If that's done, then there will be a sizable percentage of people who use the same email address combined with the same password on other sites too. Potentially banking sites, ebay accounts, etc. Thieves know people do this, and look for it.

      Those people are at severe risk and need to know.

    2. Re:Meh. by Anonymous Coward · · Score: 0

      Your email sucks cock anyway, so yes.

    3. Re:Meh. by Anonymous Coward · · Score: 0

      Frosty Piss sucks cock. I wish all emails were like that.

    4. Re:Meh. by Berkyjay · · Score: 1

      Most people use semi-disposable email anyway".

      Wait what? Where do you get this idea?

    5. Re:Meh. by lucm · · Score: 2

      Most people use semi-disposable email anyway".

      Wait what? Where do you get this idea?

      Maybe he got it from people who semi-doublequote quotes

      --
      lucm, indeed.
    6. Re:Meh. by Berkyjay · · Score: 1

      Ahhh now that's some good /.

    7. Re:Meh. by AmiMoJo · · Score: 1

      Typically when millions of passwords are leaked with just a basic hash and no salt, 99% of them are cracked within a month.

      Publicly cracked by people looking to show up the poor security, that is. Presumably anyone with bad intentions spends a few bucks on Amazon EC2 instances so they can get to abusing them ASAP.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Meh. by nukenerd · · Score: 1

      Most people use semi-disposable email anyway

      No they don't.

      and how is your email address much more secret than your street address?

      Because it requires money and effort to spam me at my street address, but almost none at my email address.

  2. Disgus? by Anonymous Coward · · Score: 0

    It's Disqus, not disgus.

    1. Re:Disgus? by Anonymous Coward · · Score: 0

      Fuck you, captain anal grammar.

    2. Re:Disgus? by Applehu+Akbar · · Score: 1

      No, it’s a play on ‘disgust’, as in the commenting system that keeps logging you out of your account on a site at random unexpected times. And when you find yourself logged out, generally after hitting ‘Reply’ and composing a beautiful rejoinder to some clueless moron who could benefit so by your crystalline reasoning, you find that the Disqus login pop up just flashes by, disappearing without letting you enter anything.

      The bright side is that a site that uses Disgust is at least not using Livefyre.

    3. Re:Disgus? by lucm · · Score: 1

      I had to look up Livefyre because I'm a social media retard, and I almost drowned in my gulp of mountain dew when I saw this on their website:

      Engage people with the voices they trust. Their own.

      http://www.adobe.com/ca/market...

      The url itself is already a cuntpuncher, it has "marketing-cloud" and "experience-manager" in it, as well as "platform". Well played, Adobe, almost got a bullshit bingo in the address bar alone.

      --
      lucm, indeed.
    4. Re:Disgus? by Anonymous Coward · · Score: 0

      it's "Disqus" with a Q. It's a play on "discuss".

      Except that "qu" is pronounced "kw", so the name would be "diskws" if you could get your mouth around the last half. Maybe "diskwis" or "diskwus" if you inserted a vowel to make it more pronounceable.

      I just roll my eyes at the name whenever I run into an idiot site that uses it. NoScript keeps me safe from it.

    5. Re:Disgus? by Megane · · Score: 1

      And most recently, they have apparently removed the thread collapse widget, which was the only thing that made a comments thread with hundreds of replies readable, by collapsing sub-threads that have clearly gone off into the weeds. This also helped with the tendency for people to reply to the top post, then the top post below that, etc., clumping the reply tree to the top. Maybe that caused people to actually load comments to read the replies, because now there's no point, so less bandwidth and server load for them. Good riddance, I guess.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    6. Re:Disgus? by Anonymous Coward · · Score: 0

      Engage people with the voices they trust. Their own.

      What?


      ...what?

  3. Disgus? by theweatherelectric · · Score: 0

    It's not "Disgus" with a G, it's "Disqus" with a Q. It's a play on "discuss".

  4. Disgus by Anonymous Coward · · Score: 1

    Freudian slip?

  5. Disqus-ting by Anonymous Coward · · Score: 0

    Yet another one gets hit.

    What was the hole this time I wonder.

  6. Disqusting. by Rubinhood · · Score: 1

    I wonder how many more upcoming breach announcements we'll have, all hoping to get away with minimal casualties because they aren't as bad as the disasters at Equifax and Yahoo.

  7. Have I Been Pwned Website by cdreimer · · Score: -1

    Check out "Have I Been Pwned" website. You can enter all your email addresses and get notifications if a particular email address got exposed in a data breach. I've gotten several email in recent days informing me of data breaches at Kickstarter and Pinterest.

    https://haveibeenpwned.com/

    1. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      What a great idea. Supply valid email addresses to an unknown third-party. That little BB rattling around your skull is very lonely, isn't it?

    2. Re:Have I Been Pwned Website by Rubinhood · · Score: 2

      He is right though. If you can get yourself to trust HaveIBeenPwned.com (and it's a pretty well-known security site), then you get free reports of all major password leaks from all other sites, even itself if that ever happens. If you can't trust it, then you you implicitly trust *all* the other sites you sign up for to not get hacked, or to reliably notify you when they do. Now which is easier: to trust one site, or to trust all of them minus the first one?

    3. Re:Have I Been Pwned Website by JohnFen · · Score: 1

      Yep. I use the notifications from that site to remind me when it's time to change all my important passwords.

    4. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Since this is a good post I'll promote it to a whopping zero score.

      Check out "Have I Been Pwned" website. You can enter all your email addresses and get notifications if a particular email address got exposed in a data breach. I've gotten several email in recent days informing me of data breaches at Kickstarter and Pinterest.

      https://haveibeenpwned.com/

      This way we can all benefit from the only good post you made all year without having to mod you up where you'll spam your amazon affiliate links all over.

    5. Re: Have I Been Pwned Website by mprindle · · Score: 1

      Every single email that I checked shows to have been compromised. Sigh.....

    6. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      ***please pay attention to the Moon update***

      C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."

      But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!

      Creimy Dumpty sat on the wall,
      Creimy Dumpty had a great fall.
      All the king's horses
      And all the king's men
      Couldn't put Creimy Dumpty
      Together again.

      Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
      https://www.youtube.com/watch?...

      With "Vice President Pence Vowing US Astronauts Will Return To the Moon", we are sure they will need miracle workers up there, here is what it would look like. Note that Creimy takes care of bringing a lot of food to the moon as depicted below:
      https://www.youtube.com/watch?...

      Creimy's real pictures:
      Before the sex change:
      https://ibb.co/cc7Ddw
      After the sex change:
      https://ibb.co/gVad65

      Creimy's "enterprise-level" chair, he talks about it all the time on slashdot:
      http://www.keynamics.com/image...

      Creimy's head, while his supervisor was talking to him, not with him, since it is impossible to do with Creimy:
      https://school.discoveryeducat...

      Creimy acting in educational resource document, he actually confirmed himself on Slashdot that he was handled by Special Education for the Santa Clara County Office of Education! He is really a king Dumpty!:
      http://www.sccoe.org/depts/stu...

    7. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Exactly! We, at Special Education for the Santa Clara County Office of Education, couldn't agree more with you!

      For the valuable /. users that might already have read the following, please note that there is an important update.

      IMPORTANT UPDATE:
      Special Education for the Santa Clara County Office of Education has invested money to buy Chris a new chair:
      http://www.keynamics.com/image...

      Information about Christopher Dale Reimer and autistic people:

      Autistic people have obsessions about things normal people don't care. For example, one of our autistic patient went haywire when he realized that there was a penny missing in his pocket change.

      To calm him down, one of our educator pretended to have found it on the floor and gave a penny to him.

      The autistic patient condition went even worse because he realized it wasn't the same penny!

      Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.

      I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
      http://www.sccoe.org/depts/stu...

      Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
      https://ibb.co/gVad65

      Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
      https://school.discoveryeducat...

      But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.

      Thank You dear users,
      -Nancy Guerrero

    8. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Christopher, my love,

      I am deeply sorry. I didn't feel well lately but I am better now since I had my meds adjusted. I am sorry that I called you all sorts of names on /. and I feel truly ashamed of myself.

      The python click script you wrote for me my sweet love for my pheromone revenue stream web site suddenly stopped to work.

      Could you come visit me in my studio so we could look at it?

      Signed:
      Your sweetee who will love you for ever.

    9. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      You are just as delusional as creimer. If you give him the slightest chance, he will just jump into the opening and get back at his old tricks. That's all he knows and that's all he is interested about.

      --
      The chief representative AC.
      Let's make Slashdot great again!

    10. Re: Have I Been Pwned Website by Anonymous Coward · · Score: 0

      That's what you get for following creimer's advice. Now, expect to be spammed with amazon affiliate links as well by email to those addresses as well.

      Creimer is highly toxic.

    11. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Brilliant!

      Welcome to creimer's empty heads club, you are now automatically subscribed as a member!

    12. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      So many bitter people replying to this comment. Did creimer pwned them all?

      CAP: chortle

    13. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      No I totally agree. Anything he does here is just an attempt to up his karma so that more people click the link in his sig and poison their amazon cookies.
      But even if by some chance he gets 5 upvotes and get to 0 karma it'll be 2 posts before he's booted back down.

    14. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Tick tock, fat boy!

      http://www.tmz.com/2017/10/06/...

    15. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Who the fuck is creimer? Sounds like a fat, lonely, sour-smelling loser.

    16. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Well it says your usual email hasn't been pwned so you're OK on that side.

    17. Re:Have I Been Pwned Website by lucm · · Score: 1

      no but in the summary they already mention the website and the fact that it's the guy who runs haveibeenpwned that told disqus about the breach. Then creimer steps in and mention the site in his insightful comment.

      That's like telling a joke to two retards then hearing one of them telling the joke to the other.

      --
      lucm, indeed.
    18. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Yeah, typical creimer M.O. Be as annoying as possible, then play the victim when people get tired of his noisome horseshit.

    19. Re: Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Have you stopped raping your neighbor's goats yet?

    20. Re: Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Has anyone verified that this site isn't going to send spam with a dump email?

      Just wondering since my normal source for dump emails has an NSFW name and I'm reading this at work.

    21. Re: Have I Been Pwned Website by Anonymous Coward · · Score: 0

      What neighbor? They're *MY* goats, Chris!

    22. Re:Have I Been Pwned Website by cdreimer · · Score: -1

      Yeah, typical creimer M.O. Be as annoying as possible, then play the victim when people get tired of his noisome horseshit.

      My M.O. is to post a comment, sit back and laugh my ass off at all the butthurt comments. As my friend said after reading these comments, "These people need to get a fucking life."

    23. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Sure, and you *chose* to get your karma nuked to -1, right, tubby? And I'm supposed to believe someone like you has friends, and they fit in your 475sq.ft. storage closet?

      Oh, right, you "had" you ten year old (no hyphens, dummy) account deleted, but magically feel the need to register 4 new accounts?

      You're such a smear of rectal jelly.

    24. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      It may be actually kinda lame to waste time on you. It's worse to delude yourself into thinking that you're not universally disliked so that you can keep posting on a dying forum and make 13 extra dollars a day posting links to amazon.

    25. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      Creimer must be moving up in the world. Six months ago he was making a half-cent per day on Slashdot.

      CAP: please

    26. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      According to the graph he posted it was the best month he had. He's making a lot less now, no doubt because his "trolls" have made everyone aware of his hustle.He should block this site and get into behavioral therapy

    27. Re:Have I Been Pwned Website by Anonymous Coward · · Score: 0

      " and laugh my ass off "

      Oh, is that what happened to it?

    28. Re: Have I Been Pwned Website by Zaelath · · Score: 1

      NFI what you're asking.

  8. this is my email address. there are many like it, by turkeydance · · Score: 0

    but this one is mine.

  9. SHA-1's flaws have nothing to do with this by plover · · Score: 5, Informative

    "About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers,"

    Sigh. If you're going to pick a quote, pick one that states a meaningful fact. SHA-1's flaw is that it allows a pre-image attack, where an attacker can craft a duplicate message that yields the same hash value as a different message, which is very useful for forging signatures on certificates. But that flaw is utterly useless for more efficiently brute force attacking a password that was hashed with SHA-1.

    All the information I gleaned from this quote is that the author doesn't understand what he's talking about, and his writing isn't worth reading. Oh, and that my password on Disqus is still safe.

    --
    John
    1. Re:SHA-1's flaws have nothing to do with this by JohnFen · · Score: 1

      Yes, you're right. I totally missed that!

  10. websites need to allow logins other than goog/twtr by johnjones · · Score: 1

    I really don't trust these sites to do a good job... but only allowing google and twitter oauth providers is pathetic

     

  11. Re:websites need to allow logins other than goog/t by plover · · Score: 1

    Years ago, I used Yahoo!'s OAuth provider to sign up on lots of sites. That sure kept my accounts secure! :-/

    --
    John
  12. 5 years after the fact by Anonymous Coward · · Score: 0

    Many of those account owners could literally be dead.

  13. Re:websites need to allow logins other than goog/t by JohnFen · · Score: 2

    The problem with oauth and the like is that they are a bit like keeping all your eggs in one basket. If the auth provider is breached, it is theoretically possible for credentials to be forged. Unlikely, but possible. It's generally better to compartmentalize, so a breach at one place won't make you vulnerable anywhere else.

    On the other hand, people really don't like doing passwords in a secure way. It is, admittedly, a real hassle. If you aren't going to do passwords securely, then you're much better off using an auth provider.

  14. Ask Ash-Fox about his NDA lie by Anonymous Coward · · Score: -1

    AssFux (lol) tell us about your NDA lie and your dns fuckups apk tore you up on please hahahaha https://slashdot.org/comments.pl?sid=11188265&cid=55322595/

  15. Yet another massive government failure. by Anonymous Coward · · Score: 0

    The USA government simply cannot be trusted.

    1. Re: Yet another massive government failure. by Anonymous Coward · · Score: 1

      That is so true. They came within a few million votes of having #CrookedHillary elected. If that isn't a failure, what is?

    2. Re: Yet another massive government failure. by Anonymous Coward · · Score: 0

      That is so true. They came within a few million votes of having #CrookedHillary elected. If that isn't a failure, what is?

      Voting Donald Trump in as President? That sounds like just as big of a failure. We never had a chance, two boatloads of fail. Fuck me.

    3. Re: Yet another massive government failure. by Anonymous Coward · · Score: 0

      EXactly. Anyone in guvermint who uses a private email server should be JAILED FOR LIFE.

    4. Re: Yet another massive government failure. by Hal_Porter · · Score: 1

      Back during the election this line made me laugh.

      "Both Hillary and Trump will cause an apocalypse, however Hillary's apocalypse will be cold and gray, like The Road. By contrast Trump's apocalypse will be loud and garish with flamethrowing electric guitars, like Mad Max : Fury Road"

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  16. NOW they tell us... by Anonymous Coward · · Score: 0

    After their members spent half a decade posting unwittingly with their de-anonymized accounts.

  17. Ask Ash-Fox about his NDA lie by Anonymous Coward · · Score: -1

    AssFux (lol) tell us about your NDA lie and your dns fuckups apk tore you up on please hahahaha https://slashdot.org/comments.pl?sid=11188265&cid=55322595/

  18. Ask Ash-Fox about his NDA lie by Anonymous Coward · · Score: 0

    AssFux (lol) tell us about your NDA lie and your dns fuckups apk tore you up on please hahahaha https://slashdot.org/comments.pl?sid=11188265&cid=55322595/

  19. Passwords are special. SHA-1 is much too fast by raymorris · · Score: 3, Interesting

    You are absolutely correct for SHA-1 hashes of random data, of significant length. Passwords, however, are neither random nor long. I'll describe the attack for you and you can try it out yourself. The fact that an ordinary consumer PC can compute SHA-1 password hashes at the rate 10 billion per second is why SHA-1 is no longer appropriate for passwords. Here's how the attack is done:

    Download two large lists of passwords, any "combined list" from your favorite haxor site will do. It doesn't matter what sites the passwords are from. If you run a comparison, you'll find that given two lists of a million passwords, about half of the passwords will be on both lists - with different accounts. That is, there is about a 50/50 chance that your password is in the list because somebody else used the same password. You probably know it's not too hard to find lists totaling many millions of passwords (we don't need fresh ones). If we put together a list of 10 million passwords, most of the Disqus passwords will be on our list, because SOMEBODY used the same password (not necessarily the same person).

    So we take the first, most common password on our list of previously seen passwords and try it against each of the 17 million hashes from Disqus. Because SHA-1 is so fast, our $100 GPU can check all 17 million hashes in one millisecond. In one second, we can try the top thousand most common passwords. In 24 hours, we can test out 10 MILLION passwords that somebody, somewhere, has used before, and thereby crack perhaps 8 million of the Disqus passwords - which gives us the email addresses to match those passwords.

    For passwords, therefore, you need a hash that can't be easily computed at the rate of billions per second with commodity hardware. Bcrypt and scrypt are appropriate choices. To avoid certain problems with particularly long or particularly short passwords, you first take a SHA-2 hash of the password, then scrypt it.*

    * In the general case of random data, hashing a hash doesn't add security. Passwords, however are not the general case.

    1. Re:Passwords are special. SHA-1 is much too fast by lucm · · Score: 1

      first take a SHA-2 hash of the password, then scrypt it.*

      * In the general case of random data, hashing a hash doesn't add security. Passwords, however are not the general case.

      Did you really have to end your main comment with a footnote reference, immediately followed by the footnote? That blatant abuse of footnotes creates a dark cloud of suspicion over your message, which is too bad because I was with you up to that point.

      --
      lucm, indeed.
    2. Re:Passwords are special. SHA-1 is much too fast by plover · · Score: 1

      And that in no way defends the incorrect assertion of the article's author that associates SHA-1's flaws with this attack, which was the entire point I was trying to make.

      Regarding the security of the password hash database that was stolen, I was assuming a few things: that the attackers are lazy, and while they might try a rainbow table, they won't bother brute-force hashing salted passwords; and that when disqus says they used a salted hash, that they actually used a proper per-user salt algorithm, and not a common-to-all-users salt.

      And yes, any scheme can still be bruted force attacked with a limited list of common passwords. Even PBKDF2() hashed passwords can be brute force attacked with a very limited number of common passwords (perhaps the top 10, like "password", "abc123", etc.) and no doubt more than a few user accounts will fall. This being disqus (not exactly a high security site), I have to wonder how many of their users reused their same passwords on their banking or other high value shopping sites? Account Take Overs that exploit a common password across multiple sites seem to be the most damaging form of attack in use today, so I suppose it's prudent to assume that this database is no exception, and that the attackers aren't as lazy as I had assumed.

      Of course if they used a common-to-all salt, you can bet that Troy Hunt will start building a rainbow table soon (if he hasn't already begun to do so.) And I'd be even more concerned about the security of that password.

      --
      John
  20. Re:websites need to allow logins other than goog/t by lucm · · Score: 1

    It's also annoying if you close your Google account and those sites are tied to it.

    --
    lucm, indeed.
  21. Hmmm... by thegreatbob · · Score: 1

    Guess what service I'm glad I never bothered to sign up for.

    --
    There is no XUL, only WebExtensions...
  22. Scam by Crass+Spektakel · · Score: 0

    Disqus is a scam.

    A while ago we had a news discussion where we found the following rules for cencorship:

    "Putin is an Idiot" is censored.
    "Trump is an Idiot" is censored.
    "Obama is an Idiot" is NOT censored.
    "Merkel is an Idiot" is NOT censored.

      So now we got curious, we edited the already posted texts by exchanging the names randomly... at first the "new" anti-Putin comments where up for a couple of minutes puplicly and then got cencored. The "new" Anti-Obama-comments on the other hand where still blocked for a couple of minutes and then became public. So we edited the texts back and voila, a couple of minutes later the censorship strikes again. We continued this on several accounts for a couple of hours then suddenly EVERY edited comment became invisible for a couple of hours(!) until being manually switched public as long as it did not insult putin or trump. Being Greasemonkeys we made sure the texts got edited for another couple of days over and over again, also using new accounts but no way to criticize Putin.

    Forum didn't matter, topic didn't matter, it just was not possible to critcise authoritarian politics. After we made this public several news papers stopped using disqus.

    Therefor I say: Disqus is a Scam!

    --
    "Life is short and in most cases it ends with death." Sir Sinclair
    1. Re: Scam by Anonymous Coward · · Score: 0

      Isnt censorship of disqus done by the web-Site USING disqus as a Service ?

      My experience on some Sites with disqus is very good, while others censor everything remotely critical.

      I call your Post bullshit.

  23. Be careful! by williamreview1 · · Score: -1

    I have an account too. What should I do? https://williamreview.com/vids...

    --
    http://williamreview.com/
  24. Except Facefarm and Google get a copy instead by Anonymous Coward · · Score: 0

    Potayto potaughto

  25. Breach in 2012 by MoarSauce123 · · Score: 1

    ...and now 5 years later they notice it? Why are companies like that still allowed to stay in business?

    1. Re:Breach in 2012 by plover · · Score: 1

      ...and now 5 years later they notice it? Why are companies like that still allowed to stay in business?

      My guess is that the evidence of the attack from 5 years ago has long since been destroyed. Disqus *never* noticed it themselves, they were only recently informed of it by Troy Hunt, who obtained a copy of the stolen database and then contacted them.

      Anyway, there isn't a law against being incompetent. There may still be consequences, however, if their clients get mad at them for this breach and abandon disqus in favor of another commenting system.

      --
      John
  26. It wouldn't be a big deal... FIVE YEARS AGO. by Anonymous Coward · · Score: 0

    It wouldn't be a big deal... if for not the fact that NOW they are telling us about something that happened FIVE YEARS AGO.

  27. So, if we add that 17.4 million . . . by sgt_doom · · Score: 1

    . . . to the latest count of over 3 billion, 240 million invasive hacks since 2012, we how are updated to OVER 3 billion 258 million!

  28. Good! by bib1620 · · Score: 1

    Couldn't happen to a better company. The way they show posts must be one of the most fucked up ways of doing it.

  29. How can they? by Anonymous Coward · · Score: 0

    How can they email the affected people when they said that their email addresses were stolen?

  30. fuck any site using disqus by Anonymous Coward · · Score: 0

    disqus is shit, any web site using it is not worth my time.