Disqus Confirms Over 17.5 Million Email Addresses Were Stolen In 2012 Hack of


Is any of this applicable to us here at Boing Boing?

Discus breached 17.5 million user accounts in 2012, then did everything right about it in 2017

possibly. Boing Boing used Disqus back then, but we allowed logins via the site itself using OAuth, so those credentials would not have been compromised.

However, if you created a Disqus account instead of a Boing Boing account, then yes, you may have been affected, and should make sure that your Disqus password is not used elsewhere.

This is also a good time for me to recommend a password manager to allow folks to use a unique password per site, and enable two-factor authentication everywhere possible.


I think I created a BB login and not a discuss login back then. I guess I’ll have to go over to haveibeenpwoned and check. :frowning:

Thanks for the insightful reply.

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.