
But if they haven't changed their password after the Adobe hack then they're already boned, aren't they? How does the Disqus vuln add to that?



You don't want to try 150 million Adobe logins on Disqus. You want to identify which ones to test first.


Maybe I'm being dense this morning... if I were in the Adobe 150M, some criminals would already have my email address, right? How does getting Disqus's hash of it help them out?


Not being dense at all, it's a valid point, but crossing both leaks helps them find out quickly which logins and password combos to try at Disqus, and which accounts will be compromised.


By linking your Disqus comments to your e-mail. For example, your comments on sexual preference blogs, political blogs, etc. Mapping your life, possibly opening up for blackmail.


Well I guess risk profiles vary. I'm certainly more worried about criminals having the access they need to reset my creds with various services, than about them knowing my oddball political opinions. I still don't see how this Disqus issue makes Adobe worse, although admittedly any big list of email addresses (like Adobe) makes this worse.


Maybe you remembered to change your email password, but forgot to change your Disqus password.



