Statement in Response to a Report of "Cracking Disqus"

Tuesday, December 10, 2013
"Disqus has not been cracked. No emails were leaked by Disqus. Disqus offers an API service that includes MD5 hashes of email addresses in order to use Gravatar, a commonly used third party service that enables users to display a consistent avatar across platforms. This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals. To use our API or service for such purposes, is a breach of our privacy guidelines. As in all such cases, we are terminating the account.

Further, we are disabling Disqus’ use of the Gravatar service and removing the MD5 hash email addresses from the API. We will evaluate any further changes that will need to be made based on these actions."

Stephen Roy
VP, Marketing
​Disqus
Ask the Community Contact us

Post a public question in one of our community channels to get help from other Disqus users. Also, be sure to search our Knowledge Base first, your answer might be just a click away!

Discuss Disqus –– Great for getting quick help, sharing feedback, and discussing issues with the community and Disqus help team.

Q&A –– Great for asking very specific questions about how Disqus works