Statement in Response to a Report of "Cracking Disqus"

Tuesday, December 10, 2013
"Disqus has not been cracked. No emails were leaked by Disqus. Disqus offers an API service that includes MD5 hashes of email addresses in order to use Gravatar, a commonly used third party service that enables users to display a consistent avatar across platforms. This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals. To use our API or service for such purposes, is a breach of our privacy guidelines. As in all such cases, we are terminating the account.

Further, we are disabling Disqus’ use of the Gravatar service and removing the MD5 hash email addresses from the API. We will evaluate any further changes that will need to be made based on these actions."

Stephen Roy
VP, Marketing
​Disqus
Contact us

We welcome all questions, feedback and bug reports. If you're having an issue, we usually need the following information:

  • A brief description of the issue
  • Link to any page where you saw the issue
  • Screenshots that illustrate the problem - How do I take a screenshot?