Details on Past Data Breaches from Disqus, Bitly and Kickstarter Revealed

This past weekend saw three data breach revelations. Blog comment hosting service Disqus announced that a past data breach affecting millions of user accounts occurred, while details on 2014 data breaches from link management platform Bitly and crowdfunding platform Kickstarter were also disclosed.

The largest number of affected users came from the Disqus hack, which occurred in 2012. The company announced that 17.5 million email addresses were exposed due to the hack, which included information such as usernames, sign-up and last login dates in plain text, as well as salted password hashes using SHA-1. Some of the information included in the hacked user database dates back to 2007.

The breach was discovered after researcher Troy Hunt of data breach tracker Have I Been Pwned initially disclosed to Disqus on October 5 that their information was possibly exposed. Immediately after, the company obtained the affected data to verify and analyze, after which it started contacting users and resetting the passwords of the accounts included in the breach.

Disqus stated in their blog post that the exposed data is neither widely distributed nor easily available. However, they recommended that all users—even those whose account information was not in the database—change passwords for security purposes.

Additional information culled by Have I Been Pwned revealed more breaches that affected 9 million Bitly users and 5.2 million Kickstarter users. Both of these breaches apparently occurred in 2014. Although both companies had already acknowledged the breaches in separate blog posts, neither actually listed the number of accounts affected. Bitly did post guidelines for their users to protect them from the potential effects of the breach—notably by changing their API keys and OAuth tokens, while Kickstarter users were encouraged to change their passwords.

In order to secure their accounts further, all users of online services—and not just those who are potentially affected by data breaches—should make it a habit to change passwords regularly. This greatly minimizes the chance that an attacker who has access to user information can access the actual accounts. For users with multiple accounts, the use of a password manager provides an efficient method for tracking and managing both user IDs and passwords from a single application.

