Disqus, the service MPR uses for comments on its blogs, reports that a data breach resulted in the user names and passwords in a 2012 database were stolen.
About 17 million users are affected.
Says the company:
Right now there isn’t any evidence of unauthorized logins occurring in relation to this. No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared.
Email addresses are in plain text here, so it’s possible that affected users may receive spam or unwanted emails.
At this time, we do not believe that this data is widely distributed or readily available. We can also confirm that the most recent data that was exposed is from July, 2012.
Disqus says it’s contacting affected users and forcing them to change their passwords.
More information here.