Popular website commenting platform Disqus has confirmed that hackers have stolen the data of at least 17.5 million of its users.
In a blog post, the firm said that the hackers, whose identity is unknown, carried out the security breach back in 2012.
Disqus reportedly only found out about the security breach on Friday, when it was informed by renowned security researcher Troy Hunt, who had come into possession of a file containing the stolen data.
Hunt, who operates the haveibeenpwned website, which lets people check if any of their online accounts have been compromised, tweeted about the breach on Friday.
According to Hunt, it took Disqus just over 24 hours to investigate and confirm the breach.
— Troy Hunt (@troyhunt) October 6, 2017
Disqus, which is the most used commenting system on the web, says it has already started to send emails to users who have been affected by the breach.
The company says that hackers stole email addresses, usernames, sign-up dates and last login dates, all of which were stored in plain text. The company also said that only about a third of the 17.5 million passwords stolen by the hackers had been hashed. ‘Hashing’ is used to scramble a password, making it much harder for hackers to decipher.
The company says the breach took place in 2012 and that users who signed up between 2007 and 2012 are most likely to be affected.
“Right now, we don’t believe there is any threats to a user account,” Disqus said in a blog post.
“Since 2012, as part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security.”
The company also said it does not have any evidence of unauthorised logins following the breach.
Although the threat to users is considered low, if you have signed up to Disqus you might want to update your password, particularly if you think you may have used the same password on other online accounts.