On the 6th of October, Disqus used its official blog to disclose a security breach that occurred in 2012. Sounds like a student of Yahoo (since Yahoo also waited several years to reveal information about a breach)? Not exactly.
Disqus reports that it had no knowledge of the incident prior to October, when an independent security researcher contacted the company about a possible data breach. The researcher informed Disqus about the breach on the 5th of October, and the next day the company published an article about the incident. Definitely a better way of handling a crisis.
The breach refers to a leak of data in 2012. It included information about approximately 17 million users, and some of the details dated from as early as 2007. The leak consisted of usernames, email addresses, sign-up dates, last login dates and hashed passwords. However, the passwords were hashed with the SHA-1 algorithm, which is no longer the strongest method around for protecting them.
In the article, the company says it is very sorry about the incident and declares that transparency is the most important thing in a situation such as this. Many companies do not feel the same obligation and are more eager to hide worrying incidents from the public. Most of them are probably worried about being blamed for poor security measures. However, being honest and genuine about your service is a key aspect of every business.
Disqus explains that it has not detected any outside attempts to obtain the information that was included in the breach. However, since email addresses might have been collected, users could have been targeted by multiple spam campaigns. Furthermore, it is important to change your password. In fact, you should do this regularly. Do not reuse the same password for more than one account. If one account is hacked, the other is probably going to be hijacked as well.
The company does not think that any of its members are in danger. Disqus is forcing users to reset their passwords and informing them of other details that might have leaked. The incident is still being investigated, but it is refreshing to see a company that informs its clients about current events even if they are unpleasant. Definitely an example for other companies to follow.