Disqus
  • Total Records27,839,763
  • Unique Emails17,579,713
  • Unique Email Providers1,104,752
  • Unique Usernames27,551,077

The 2012 Disqus Data Breach: What Was Exposed and When

Disqus, a popular commenting platform used by countless blogs and media sites worldwide, suffered a data breach back in July 2012 that would only come to light more than five years later, in October 2017. Attackers managed to gain unauthorized access to Disqus’s user database, resulting in the exposure of information from more than 27.8 million accounts. While Disqus users trusted the service to facilitate online discussions, attackers accessed usernames, email addresses, and hashed passwords of registered users. Those who used social providers to sign in did not have passwords exposed, although their account references were still compromised. The breach went undetected until it was finally reported by Disqus in 2017, at which point they took steps to secure affected systems and notify users.

What Data Was Leaked in the Disqus Breach?

The Disqus data breach exposed three primary types of information: usernames, email addresses, and hashed passwords. For users who logged in using services like Facebook or Twitter, their linked account references became part of the data accessed, but passwords were not included for these accounts. While password hashes offer a level of protection, exposed usernames and emails still left users open to possible phishing attempts and spam.

How Many Users Were Impacted?

The scale of the breach was significant—exactly 27,839,764 user records were exposed. This figure included anyone who registered with Disqus up until July 2012, the date of the breach. Social login users were also affected, though their passwords were not leaked.

When Did the Disqus Breach Happen?

The attack on Disqus’s systems took place in July 2012. However, the breach was not discovered until October 2017, when the company publicly acknowledged the incident and began alerting users. This five-year window between compromise and detection is a reminder of the importance of regular security reviews and breach monitoring.

Timeline of Events

  • July 2012: Disqus’s user data is compromised following a successful attack on its systems.
  • October 2017: Disqus discovers the breach and quickly begins notifying affected users and rolling out enhanced security measures.

Frequently Asked Questions About the Disqus Breach

What information was exposed in the Disqus data breach?

The breach resulted in attackers gaining access to usernames, email addresses, and hashed passwords for Disqus users. If you logged in through a social platform, only the account reference was exposed.

How many accounts were affected by the Disqus breach?

Over 27.8 million accounts were impacted by the 2012 Disqus data breach, including users who registered directly and those using social logins.

What caused the Disqus data breach?

The breach happened due to a compromise of Disqus’s systems in mid-2012, allowing attackers to access user data. Details on the method of intrusion were not fully disclosed.

How can I check if I'm in the Disqus breach?

You can check if your information was part of the Disqus breach by utilizing the DeHashed search engine.