Privacy Alert! Disqus data breach!

Some websites require you to have a Disqus account in order to comment.

Disqus is a worldwide blog comment hosting service for web sites and online communities that use a networked platform.

Last night, LifeLock issued an alert that Disqus.com has suffered a data breach.

If you have an account with Disqus, this means whatever data you’d entered at Disqus is compromised, including your email address and your password.

Below is the alert from LifeLock:

Description: The site disqus.com has been reported to possibly have suffered a data exposure that could include emails and passwords. The possible exposure would have happened in June 2012 although it was reported in February 2018.

Where Found: Dark Web, a term used which may also include the deep web or a peer-to-peer file sharing network.

Password: Exposed online

LifeLock’s advice:

  1. Change the password associated with the affected website or email service immediately.
  2. Set up 2-factor authentication if available with that website/service.
  3. If you see a Social Security Number belonging to you, review credit reports for suspicious activity, watch financial transactions, and make sure LifeLock alert preferences settings are up to date for the account that belongs to you.

~Eowyn

46 responses to “Privacy Alert! Disqus data breach!”

  1. Thank God they coated it in “data exposure”…I feel better

    Liked by 1 person

  2. Thank you for the warning, Dr. Eowyn.

    Liked by 5 people

  3. 2012? Wasn’t on, they do know this is 2018? I never understand why the lag in reporting

    Liked by 4 people

    • Given the enormous and egregious lag in reporting data breaches, who’s to know that the breach hadn’t recurred after 2012?

      Liked by 4 people

    • kjf . . . . . I got hung up on the very same fact. I think they figure they had better fess up before someone realizes that this happened and sues them. I find keeping this kind of information from those who use your services to be well beyond the pale. It is gross negligence to inform people six years after the occurrence.

      Liked by 1 person

  4. Thank you for the info Dr Eowyn. I don’t have a Disqus Acct, a Google Acct, or any social networking Accts, this is the only Site I comment on because I trust Dr Eowyn and his Site. I also use Start Page for private browsing, not that I have anything to hide, I’m just a privacy advocate.

    Liked by 3 people

  5. Everybody has stuff to hide. They just don’t realize it was worth hiding until someone abuses it. Like social security numbers, or their physical location/location of relatives, where their children go to school, etc. The list is almost endless and you’d be horrified to realize how easy it is to track people. Dr. Eowyn does it.

    It’s why people need VPNs. Not everyone spying on us is our moral, upright, totally innocent Government, right? Right?

    Like

    • “Dr. Eowyn does it.”

      I don’t track people, don’t know who “Eli” is, nor am I interested in finding out. I occasionally look up the IP addresses of truly vile and hateful trolls who come on FOTM to spew obscenities and make death threats.

      Liked by 2 people

    • As Dr. Eowyn mentioned, the only way we “track” people is to locate an IP address, when someone comes here with a threat. That happened to me and we tried to “track” that person (via IP) so I could include it in my report to the police.

      Liked by 3 people

    • Sorry for the stupid question but what is VPN short for?

      Liked by 3 people

      • I believe it is short for “Virtual Private Network”.

        Liked by 2 people

        • A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPNs may allow employees to securely access a corporate intranet while located outside the office. They are used to securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users may secure their transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the purpose of protecting personal identity and location.

          https://en.wikipedia.org/wiki/Virtual_private_network

          Like

      • Lana . . . . Thanks for asking that question . . . I didn’t have the faintest idea what “VPN” was either. Now, I am left wondering if we really need a VPN? Does anyone have thought on that?

        Liked by 1 person

        • My view is that using a VPN can protect you against casual trolls and hackers, website data miners, advertisers that follow you by IP, etc., IF the VPN truly hides or masks your IP (assigned, typically the same IP (Internet Protocol) address, by which data is routed to/from you, every time you connect/log on to your Internet Service Provider).

          And not as much if they merely bounce you, SLOWLY, across several known servers around the world before you reach your desired destination.

          Data security analysts, the law, private eyes, the intelligence community, etc., aren’t going to be as hampered in finding you regardless of using a VPN. And even if you hide your IP address, there’s still the matter of your computer/device’s (and router and modem) machine identifier number (MAC), which takes additional steps to hide. And websites record your OS, your browser, versions, video, etc. as well, and sometimes your GPS location, all of which can also be used to find you. Some devices and components (e.g., CPUs, sound & video cards, network interface connectors) also have unique identifying numbers they broadcast while online. And that’s just the non-dark web folks. The overt, basic stuff.

          I figure so long as I keep capital offenses off my to-do list, and don’t give away my personal info (as much as possible), I’ll forego the VPN route. I tried an old version called Tor (Onion Router) long ago, and it was a major slowdown. But at the time it was the only way I could get online… not sure why; always suspected a technical glitch, but may have been hacked.

          I just googled my (years-)old phone number last night and was amazed at how quickly the info came back identifying me, my home (with map & photo), prior homes (some bogus due to stolen credit card #s years ago that the credit report bureaus never fixed, but I now have the addresses of those idiot criminals), my relatives… it just goes on, and that’s just the free stuff. For a price, they’ll give out a lot more on me. Disgusting.

          NEVER give out your personally-identifying information without good cause. It will get you branded persona non-grata some places; some websites will refuse to work at all. You won’t be able to view or read or hear some things online… won’t be able to buy things other places. But at least you’ll be preserving your security and privacy a bit longer.

          I would also NEVER use a password-keeper app nor website to store my personal passwords. That just seems like a real dumb idea to me… I have an envelope stuffed with papers on which I have usernames, emails, and passwords (and sometimes birthdates, maiden names, etc. — also given falsely) recorded for the hundreds of websites, cellphone and tablet apps, and of course my computers I own or have used. For years now, it’s been nearly impossible to setup or use a PC without an Internet connection and giving out your personal ID, username, password, email, etc. It sucks, IMO.

          BTW – next time you go online with a cellphone or tablet, even with the app store told to NOT auto-update your apps, take a peek at how many apps (including built-ins you can’t disable) scramble to go online while there’s a connection. Use Developer Options, Running Apps (or just see Services, Apps, running & cached) or a task manager app to view them. It’s like cockroaches when the lights go out. Then check the permissions those apps claim for themselves when you installed them, or read the Terms & Services and/or EULA docs that should have come with them, or that can be found on the web. They’re all spying on us, constantly. It’s why the batteries only last a day for most folks who use their cellphones and tablets regularly. I set mine to only go online when WiFi is available (and use data restriction via power saving choices), then keep WiFi off when not in use.

          I’m not paranoid, I’m mad that this is our modern reality. It’s mostly to get our IDs (name, address, phone number, etc.), watch what we do & where we go, focus advertising, and thus sell us more crap we don’t need. At least I hope that’s why they do it. But for some, I suppose it’s more sinister.

          Liked by 1 person

  6. And by mentioning Eowyn, I’m referencing his ability to determine the location of people who bring offense on this site. But the Dr.’s methods are, so far as I am aware, not impossible or hard to duplicate for anyone with a strong desire. It’s scary. Eowyn I’ll trust enough, but who else is looking?

    Liked by 2 people

  7. Reblogged this on necltr and commented:

    To whom it may concern.

    Liked by 3 people

  8. I am definitely off track in making this comment, but . . . evidently the Congress has allocated 10 million dollars for year 2018 to the Mueller Commission, and another 10 million dollars for year 2019 . . . I was so angry over hearing that. What is so important that we flush money of that magnitude down the toilet with the Mueller gang?

    This is really something to be outraged over.

    Liked by 1 person

    • That’s a good point. We’re really funding the DNC. I know people will get mad at me but I don’t understand why Trump can’t get control of this. The Justice Department is totally out of control.

      Liked by 2 people

    • “Congress has allocated 10 million dollars for year 2018 to the Mueller Commission, and another 10 million dollars for year 2019”

      But ZERO for the Wall. To quote lophatt: “They don’t work for us.”

      Liked by 1 person

      • Dr Eowyn . . . . Wow! You came up with an absolutely stellar question, regarding allocation of funds. I would rather have that 20 million go towards The Wall, than to the nonsensical Mueller Commission.

        Liked by 1 person

        • The comment, “They don’t work for us,” is truly the gist of the whole matter. Those thieves, and rascals back in Washington, DC do not believe for a nano-second that they are beholden to you or me, or any of the other tax paying citizens. We must work to change that kind of thinking in those we send to Congress.

          Liked by 1 person

  9. I have a “Disqus” acct. because, once “in a blue moon” I comment on someone’s site. I usually regret it, however. I have gotten the most insane, off the wall responses on “Disqus” I’ve ever seen.

    I rather think it’s a government operation. They control the discussion by insulting commenters.

    Liked by 2 people

    • I think it’s a gov op too. Every time I put something, which I feel is important and or personal, (i.e.: pizza gate, my family lived through it, our case involved those attached to pimping the kids out in, “happy valley,” and reached/reaches all the way down to the DuPont circle q*****), I will ALWAYS get a thumbs up from someone (various ones though) whose disqus profile says, “young ….. girls,” with minimal comments themselves, with the last comment being from around 3+ yrs ago. And, like I said, they are ALWAYS in re to my commenting on the pedo problem within the upper echelon of society (lawyers, judges, politicians, etc.).

      Being as I’ll comment, bringing up dirt I lived through, (which gave me ptsd, sincerely) to and for those DENOUNCING the legitimacy of pizza/pedo gate, I cannot lie, it makes me feel like nsa, or whomever, “they,” are, are giving me support (bc for YEARS, no one cared at all), lol. Very, “Schizo,” of me. I know.

      Anyway, my disqus account is relatively new. But, the IRS CI’s told me a couple of years ago, everything of mine, sans a land line, were tapped. Guess who doesn’t have a land line too, LOL.

      Sorry for my digressions.

      Liked by 1 person

      • I think I know what you mean. I made a couple of comments on “Vigilant Citizen” about an innocuous subject and received ugly comments for days. Most of them didn’t even relate to what I said.

        Many years ago I used to post at a site that was doing really well. It was excellent. Then we got targeted. It was something to experience. There were people on there with the expertise to trace it. It’s hard to believe that they have resources that can and will do that, but they do.

        Liked by 2 people

        • When vigilant citizen deleted their pizzagate post, it lost legitimacy to me.

          Liked by 2 people

          • On Sept. 23, 2016, Vigilant Citizen (VC) published the post, “Why the Trump vs. Clinton Election is a Complete Sham,” instructing its readers not to vote in the upcoming Nov. 8 presidential election. I was utterly disgusted by VC‘s grandiose know-it-all and plain irresponsibility. I wrote a comment questioning how he knows Trump is no different than Hillary, and proposed that the only way to verify his claim is precisely to vote for Trump. If President Trump turns out indeed to be no different than Hillary, that proves VC to be right; if President Trump turns out to be different than Hillary, that proves VC to be wrong. My comment was never published.

            Instead of admitting he is wrong, Vigilant Citizen chose the coward’s way out by deleting the post from his website. But the post is reproduced on many websites, including The Seeker, which you can read here: http://www.thetruthseeker.co.uk/?p=139951.

            This is why I no longer read Vigilant Citizen.

            Liked by 3 people

            • I don’t read it either, at least not regularly and, when I do, I’m not impressed. I was bored and went to their “forum” and commented. I’m sorry I did because I was bombarded for days by people I’ve never heard of that obviously didn’t understand a thing I was saying. All they knew was that they didn’t like it.

              I later determined that most of them were leftists so I wrote it off to insanity.

              Liked by 2 people

        • “It’s hard to believe that they have resources that can and will do that, but they do.”

          Don’t you mean “but they don’t”???

          Liked by 1 person

          • I was referring to my mention of another site, several years ago, sorry. They DID have the resources to drive that one completely out of existence over time. It took months but they were at it day and night.

            So, what I meant was, if it is either a government entity or an organization, they apparently will actually pay people to work something around the clock. Their goal is to disrupt it so utterly that it can no longer function.

            The site did not have any active moderation. What they did was get themselves declared moderators and that caused its demise.

            Liked by 1 person

      • solejahway . . . . I am so very sorry that you have had to live thru the evil criminality of others. I hope that you can rise above that trauma.

        I did not know that landline conversations were excluded from being captured by the NSA. Well, now, I am pretty happy that my old fashioned ways are paying off . . . I only have a landline. No cell phone for me, I tried it once but didn’t like it.

        Like

        • I believe he was implying that the other things were tapped by illegal resources, whereas a land-line tap would’ve needed a legitimate warrant.

          Oh. PS. I thank you, auntie Lu. 🙂

          Like

  10. Thank you Doc, I have an account but I forget the pass so much I change it every other week anyway, so sure I’m safe so far ☻

    Liked by 2 people

  11. Pingback: Privacy Alert! Disqus data breach! – 1AFSYM

  12. Talk about closing the barn door after the horse has escaped…

    Liked by 1 person

  13. I don’t mean to sound paranoid or whatever, but nobody should ever give out their real information online. You should have a persona or personas you use on various websites, backed by emails for verification that themselves are built on false or misleading information, such that only pros will be able to easily link such back to the real you (as well as your home address, complete with, thanks to Google et al., your home phone # & a photo of your home).

    Ditto for leaving too much personally-identifying information about yourselves in blogs and forums… and in reviews wherever you might feel compelled to leave them. People will sell, share, and of course, lose your info. Even the big corporations. Yahoo… billions of IDs lost to hackers. EquiFax… gah!

    https://www.cnbc.com/2018/02/12/the-equifax-hack-is-way-worse-than-consumers-knew.html

    Read the legal docs (EULA, Terms of Service, Privacy Policy, etc.) to see how little they value your personal info, if they think they can make a penny off of it. And how they make NO guarantees regarding whether the hardware or software you just bought will work as advertised, work to the degree promised, work everywhere in all circumstances (or any). And your only recourse is to get your money back within 30 days (except when there’s a recurring monthly or yearly charge, which they will keep billing you for, even after the service is no longer available). So why give them your true ID?

    Liked by 2 people

  14. Thanks for the heads-up, Dr. E. Went to Disqus and changed my password.

    Liked by 1 person

  15. I always get spam after posting on Disqus even w/out password (only post as guest when option available, do not have account/password, use dummy email… But they can track IP…)

    Liked by 1 person

  16. I set my DISQUS account up with a gmail email account that is separate from my real email.

    LOL – They can hack into it all they like, but all they will see is replies from other DISQUS members.

    Liked by 1 person
