Disqus has discovered that it suffered a data leak in 2012. Hackers managed to gain access to the comment system's user database, which held 17.5 million accounts. The affected data includes usernames, email addresses and password hashes.
The leak was discovered by Troy Hunt, the security researcher behind Have I Been Pwned, a service that shows whether any of your passwords have leaked on the internet (they probably have). He informed Disqus of the problem on the afternoon of October 5th; the next day, the company began notifying affected users via email, asking them to change their passwords.
The company admits that the leaked database had information recorded between 2007 and 2012, which includes “email addresses, Disqus usernames, registration dates, and last login date in plain text for 17.5 million users.” In addition, SHA1 password hashes for one-third of users were obtained. Disqus changed its hashing technique to bcrypt in late 2012.
There is no evidence that unauthorized logins were made because of the attack, but Disqus itself recommends that all users change their passwords, even on other services if they share the same combination (SHAME ON YOU!). Also, since the email addresses were in plain text, users are likely to receive more spam.