WordPress Plugin Leaves Users Vulnerable
Disqus, a popular WordPress plugin, revealed they were the victims of a data breach. Disqus is used for bloggers to allow individuals to comment on their articles. The hack began in July of 2012, and could be one of the longest undetected breaches, as it was just recently discovered. On October 5, 2017, Troy Hunt of Have I Been Pwned, disclosed the breach to the company and within 24 hours the organization had publicly announced the leak.
It is suspected over 17.5 million email accounts and passwords were exposed, along with Disqus usernames and login records. According to International Business Times, the account data dated back as far as 2007.
The good news is, the passwords were encrypted using an algorithm, so they were not in plain text. The bad news is, the algorithm used was well-known, and could be easily undone to obtain the actual passwords. Beyond the risk of password exposure, the email addresses were stored in plain text. Therefore, there is an increased risk for phishing attacks to those individuals whose email addresses were exposed.
To find out if you were impacted by this breach, go to Have I Been Pwned, and enter your email address. Click “pwned?”. If your email address has been leaked, it will tell you which breach led to the leak, and when.
**PC Pitstop does not use this plugin for its blog.