This question is at the center of the recent security breach involving Disqus, a widely used comment hosting service, and Gravatar, a service owned by WordPress co-founder Matt Mullenweg’s company Automattic. Gravatar allows users to maintain a consistent profile picture across websites enabling a Gravatar plugin. Until recently, Disqus enabled Gravatar which uses an MD5 hash, an algorithm designed in 1991, to mask the email addresses associated with each Gravatar account. Gravatar’s MD5 hash has been proven to be easily hackable. In December, a group of investigative journalists at Sweden’s Researchgruppen was able to de-anonymize the identities of thousands of […]
16 Comments