• Sweden's news in English
 

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
Mediterranean migrant crisis
Sweden learns of new EU migrant quota details
Migrants arriving in Italy. Photo: AP Photo/Carmelo Imbesi

Sweden learns of new EU migrant quota details

Sweden has been told to help relocate 821 migrants who have arrived in Italy and 548 who have travelled to Greece as part of the European Commission's controversial plans to ensure refugees are spread more evenly across member states. READ  

Are Zlatan Ibrahimovic's Swedish memoirs fake?
Sweden's controversial football star Zlatan Ibrahimovic. Photo: Janerik Henriksson/TT

Are Zlatan Ibrahimovic's Swedish memoirs fake?

Football fans all over Europe were sent into a mad social media frenzy on Wednesday after the ghost writer of Zlatan Ibrahimovic's autobiography let slip that none of the quotes in the book came from the Swedish footballer himself. READ  

Sweden puffs up outdoor smoking ban proposals
A Swedish woman smoking outdoors. Photo: TT

Sweden puffs up outdoor smoking ban proposals

Plans for an outdoor smoking plan in Sweden are hotting up with reports that a majority of politicians in the Swedish parliament will back plans to stop people lighting up on terraces and in beer gardens. READ  

Opinion
'Culture debates are meant to stop questions'
Stockholm University Library. Photo: Simon Paulin/Image Bank Sweden

'Culture debates are meant to stop questions'

After Norwegian literary legend Karl Ove Knausgård accused Swedes of being narrow-minded 'cyclops' (one-eyed giants from Greek mythology), Stockholm University business lecturer Carl Cederstöm argues that his fellow countrymen and women should learn to offer more sophisticated cultural debates. READ  

The Local List
Six essential shopping spots in Stockholm
Exclusive shopping street Biblioteksgatan in Stockholm's Östermalm district. Photo: TT

Six essential shopping spots in Stockholm

Sweden has a reputation for style and the nation's capital is a haven for shopaholics - once you know where to go. Here's The Local's beginner's guide to Stockholm's shopping scene in 2015, from the latest designer stores and independent boutiques to handy malls. READ  

'Rotten’ business claims at Nordic TeliaSonera
A TeliaSonera conference in Stockholm last year. Photo: TT

'Rotten’ business claims at Nordic TeliaSonera

Swedish-Finnish telecom operator TeliaSonera has been accused of “rotten” business dealings in Azerbaijan, following a separate bribery scandal in Uzbekistan. READ  

Presented by ConnectSweden
The millionaire teacher who doles out tough love
Barbara Bergström, founder of Internationella Engelska Skolan. File photo: IES

The millionaire teacher who doles out tough love

Barbara Bergström, founder of Internationella Engelska Skolan, talks about what’s wrong with Swedish schools, international teacher recruitment, and why she's not above cleaning toilets. READ  

Bones of missing Swede confirmed in US town
Larkspur Landing, in California, where Elisabeth Martinsson was last seen. Photo: Pedro Xing. Licensed under CC0 via Wikimedia Commons

Bones of missing Swede confirmed in US town

US coroners have officially identified the skeletal remains of a 21-year-old Swedish student who went missing in California over three decades ago and have relaunched a murder investigation. READ  

Stockholm transport boss resigns over theft
The chief executive of Stockholm's public transport group SL, Anders Lindström, has resigned. Photo: Annika af Klercker/Svenska Dagbladet

Stockholm transport boss resigns over theft

The head of Stockholm's public transport group, SL, has stepped down a fortnight after he was fined by a Hong Kong court for stealing an expensive designer credit card holder in an airport store. READ  

Swedish amber rock was Second World War bomb
The amber rock was in fact a large piece of trotyl, pictured. Photo: Daniel Grohmann

Swedish amber rock was Second World War bomb

A two-kilo rock handed to a museum in southern Sweden by a fisherman who thought it was a piece of amber, has turned out to be a huge Second World War bomb. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
Gallery
IN PICTURES: Your May sun snaps
National
Russian veterans' Nazi attack on Ikea
Bupa
Sponsored Article
Healthcare: Nine questions every expat should ask
National
Avicii confirms royal wedding DJ gig
Sponsored Article
What it's like to be a student in Malmö
Blog updates

26 May

Vet, kan, känner eller känner till? (The Swedish Teacher) »

"Hej! It happens every now and then that my students mix up the words “vet”, “kan”, “känner”..." READ »

 

24 May

 (Joel Sherwood) »

"Real American men don’t watch Eurovision. New video: http://www.youtube.com/watch?v=vQk5dUhGt-w ..." READ »

 
 
 
Sponsored Article
Kristin Amparo: 'Swedes are afraid to be proud'
Gallery
Property of the week: Lugnvik, Östersund
Gallery
IN PICTURES: Eurovision winner Måns Zelmerlöw through the years
Gallery
People-watching: May 22nd-23rd
National
Why are Sweden's beaches among the worst in Europe?
National
VIDEO: Can you get your tongue around Sweden's word for 'nurse'?
Sponsored Article
'No one tells expats about unemployment benefits'
National
How two million Swedes are designing a 'house of clicks'
Sponsored Article
Why expat women are choosing Swedish natural birth control
National
What's on in Sweden this week
National
Five facts you need to know about Sweden's Eurovision entry
National
Why do one in three Swedes want to join Nato?
Features
What to do in Stockholm this summer
Gallery
People-watching: May 20th
National
How Sweden and Saudi Arabia got back on speaking term after row
Gallery
Property of the week: Västra hamnen, Malmö
Sponsored Article
'There is no such thing as Swedish values'
National
Why is support for the Sweden Democrats at a record high?
Sponsored Article
ConnectSweden: Examining Sweden's place in the world
Gallery
People-watching: May 15th - 17th
National
VIDEO: Swedish man's roar scares off charging bear
National
'Gang conflict' linked to latest Gothenburg attack
National
RECIPE: How to make Panna cotta with cloudberry jam
Sponsored Article
'Educated immigrants get stuck in limbo in Sweden'
National
Sweden backs migrant sharing plan
National
Swedish boozing on the rise
National
Why Sweden's deputy PM was forced to apologize for Auschwitz analogy
National
End of the road for Julian Assange's arrest appeal?
Features
Booked to go to one of Sweden's sizzling music festivals yet?
National
Meet the Swedish boy who used to be a girl
Sponsored Article
How to change the world: Malmö to Mogadishu
Gallery
IN PICTURES: Princess Estelle through the years
National
Why is obesity ballooning in Sweden?
National
VIDEO: The bizarre Swedish nurses song that's gone viral
National
Ecuador stray dog Arthur in Swedish charity race
National
UK expert: 'Sweden's current military state is alarming'
National
Elfdalian: a real language spoken in central Sweden in 2015
National
Is King's love for house tracks behind new military music?
Gallery
Property of the week: Hjortnäs, Leksand
National
Sex-crazed grouse terrorizes Swedes
National
IN PICTURES: Sweden's King Carl XVI turns 69
National
Dolphins spotted in Baltic
Gallery
People-watching: May 1st-3rd
Sponsored Article
'Never waste a good crisis'
National
Road trippers flock to 'The Bridge'
National
Why are Swedish supermarkets banning paracetamol pills?
Gallery
People watching: April 29th
National
"In many ways Swedes and Americans are kindred spirits"
Swedish Hasbeens
Sponsored Article
Is the world wrong to connect Sweden with sex?
Sponsored Article
'Impossible' to run Skanska without Bromma Airport
Sponsored Article
Want to study in Sweden? Read why Stockholm is the best choice
Sponsored Article
'Sweden must embrace openness and diversity'
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

3,313
jobs available
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
psdmedia.se