CLOSED: [2017-10-07 Sat 22:28] :PROPERTIES: :CREATED: [2017-10-07 Sat 22:20] :ID: 2017-10-07-disqus-breach :END: :LOGBOOK: - State "DONE" from "NEXT" [2017-10-07 Sat 22:28] :END: As [[https://blog.disqus.com/security-alert-user-info-breach][stated in a blog entry]], [[https://disqus.com/][the comment service Disqus]] lost all of its user account credentials (email addresses, Disqus user names, sign-up dates, and last login dates) and the salted password hashes of a third of all users. The passwords are encrypted but with [[https://en.wikipedia.org/wiki/SHA-1][a rather out of date algorithm]] which is declared broken for over a decade. Therefore, you have to assume that your password got decrypted already. Since my blog does use Disqus as one of two possibilities to add comments: please do change your Disqus password immediately to a new and secure password. [[https://xkcd.com/936/][Not only my recommendation]]: three normal words which are easy to remember and type which do not appear anywhere in this combination. Like "security lost cloud".