Richard Lawler reports:
Another day, another security breach (and another, and another…). This time its Disqus, which is revealing that in 2012 — around the time when Engadget used Disqus for comments — hackers made off with some of its data, covering a snapshot of usernames and associated email addresses dating back to 2007, as well as sign-up dates, and last login dates in plain text for 17.5mm users. More distressing is news that it also coughed up passwords for a third of those accounts, which were in hashed (SHA1) form but its possible the attackers could have decrypted them.
Read more on Engadget.