In a security alert, Disqus said attackers took a snapshot of its user database from 2012 with information dating back to 2007.
This included user names, sign-up dates and last login dates for more than 17.5 million users. Salted passwords hashed with the crackable SHA-1 algorithm for a third of Disqus users were also leaked.
At the end of 2012 (well before the breach was discovered) Disqus made major changes to their storage methods and encryption algorithms to the much more secure option of salted bcrypt hashes.
Still, the data’s out there and anything prior to that is very easily crackable.