The service is used in 191 countries, according to its website. It was alerted to the breach by Troy Hunt, an independent researcher who runs the website have i been pwned.
The usernames, sign-up dates and last login details for 17.5 million users were exposed, including hashed passwords for about one-third of the users were exposed.
Disqus does not provide any details about its total users; it claims that the sites that use its system get 50 million comments each month, 17 billion page views with two billion unique browsers.
"As a security precaution, we have reset the passwords for all affected users. We recommend that all users change passwords on other services if they are shared."
He said the email addresses were in plain text, and hence affected users could receive spam or unwanted emails.
"At this time, we do not believe that this data is widely distributed or readily available. We can also confirm that the most recent data that was exposed is from July 2012," Yan added.
Users who were affected will be notified by email.