• Sweden edition
 
Swedes uncover Disqus user security breach
A screengrab from the Disqus debate tool website.

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
UN criticises Sweden's 'prison' children
The UN says Sweden's young offenders should spend less time alone. Photo: TT

UN criticises Sweden's 'prison' children

The way Sweden treats children living in detention centres has been strongly criticised by the United Nations Committee against Torture, which also suggested some young offenders had experienced violence by police officers. READ  

Sweden economy shows unexpected growth
Sweden's economy is growing slowly. Photo: Shutterstock

Sweden economy shows unexpected growth

Sweden's economy expanded slightly more than expected in the third quarter of the year, according to statistics published on Friday. READ  

Russians intercept Sweden navy 'love texts'
Staff on HMS Vinga and HMS Ulvön are linked to the scandal. Photo: Flickr/V-P Kivimäki

Russians intercept Sweden navy 'love texts'

Private messages sent between staff on two Swedish navy boats who were having an affair have been published in Russia, after a group of radio geeks intercepted the signal used to transmit the texts. READ  

Row over line-up at Sweden's biggest festival
Robbie Williams will headline Sweden's biggest music festival in 2015. Photo: TT

Row over line-up at Sweden's biggest festival

This week Robbie Williams was announced as the headline act at Bråvalla - one of the largest music events in Scandinavia. But the British star has proved a controversial choice for the three day festival in southern Sweden's Norrköpping, which takes place in June 2015. READ  

Swedish shoppers embrace 'Black Friday'
The Swedish Trade Federation said that three times as many companies in Sweden were staging Black Friday deals in 2014 compared to last year. Photo: AP/The Canadian Press/Justin Tang

Swedish shoppers embrace 'Black Friday'

More companies in Sweden are rolling out the imported American shopping phenomenon known as 'Black Friday' by slashing prices for post-Thanksgiving purchases. READ  

Skanska quits South America over corruption
File Photo: Gorm Kallestad/TT

Skanska quits South America over corruption

Swedish engineering giant Skanska has decided to pull out of the South American market after being dragged into a corruption scandal involving the Brazilian oil major Petrobras. READ  

Jobs and immigration cost Moderates election
Former Swedish Prime Minister Fredrik Reinfeldt exits the stage after the 2014 election loss. Photo: TT

Jobs and immigration cost Moderates election

Sweden's Moderate Party slumped at the polls on election day as it lost the jobs, welfare and immigration debate, according to the party's post election analysis. READ  

Swedes cook up win at culinary world cup
Chefs at work:Shutterstock

Swedes cook up win at culinary world cup

Sweden claimed two gold and two silver medals at the culinary world cup in Luxembourg this week, which features over 100 teams from around the world competing for gastronomic greatness. READ  

The Local Recipes
How to make Swedish potato and fish gratin
Traditional Swedish potato and fish casserole. Photo: Magnus Lundquist/Flickr

How to make Swedish potato and fish gratin

Feeling the need for some comfort food during the cold weather? The dish Swedes call Janssons frestelse is popular during the winter and is often found on the Christmas smorgasbord. Food writer John Duxbury shares his recipe with The Local... READ  

More rats creep into Sweden's cities
Rats like these are common in Stockholm. Photo: TT

More rats creep into Sweden's cities

Sweden is experiencing a rapid increase in its rat population according to the country's biggest pest control company, which says that the growing trend for outdoor food stalls is partly to blame. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
Lifestyle
What's On: November 27th - December 4th
Lifestyle
How to make Swedish potato and fish gratin
National
Would you use this app to find a job?
Gallery
IN PICTURES: Sweden's biggest music festival, Bråvalla
Lifestyle
Five magical Swedish winter markets
Blog updates

28 November

St Andrew’s Day and the Way Forward for Scotland (The Diplomatic Dispatch) »

"Sunday is St. Andrew’s Day – Scotland’s national day. It was great to be in Edinburgh this..." READ »

 

28 November

Editor’s blog, November 28th (The Local Sweden) »

"Happy Thanksgiving to our American readers and warm wishes to the rest of you lucky subscribers. We..." READ »

 
 
 
Lifestyle
Top ten Swedish Christmas presents
Sponsored Article
SIS: the thinking behind globalised learning
Imagebank Sweden
Society
Decorating your home for Swedish Christmas
Lifestyle
VIDEO: How to stay stylish in Sweden in November
Gallery
People-watching: November 26th
Sponsored Article
How to get your own office anywhere in the world
National
'I'm a Swedish 'expat' in my home country'
Sponsored Article
Introducing... Family life in Stockholm
Gallery
IN PICTURES: Sweden's 2015 Eurovision hopefuls
Gallery
Property of the week: Rosengården
National
'Racist' Black Pete party scrapped in Sweden
Gallery
IN PICTURES: Sweden's Christmas gifts through the years
Lifestyle
'I'm spreading Japan's 'cute' culture in Sweden'
National
Ebola: Sweden's leading expert speaks
National
Why this Swedish rabbi is facing death threats
National
Fears up to 300 Swedes fighting with Isis
Lifestyle
How to make Swedish mulled wine
Gallery
People-watching: November 22nd - 23rd
Society
What's on in Sweden: November 20th to 27th
National
How to boost your career in Skåne, Sweden's south
Lifestyle
How an Umeå museum is rewriting Swedish history
National
Timeline: Julian Assange sex allegations
Lifestyle
Five unique backpacker hostels in Stockholm
National
Bones show off Sweden's history
National
What new word are Swedes voting on?
National
Why African Swedes are angry about Santa's helper
National
Pine, tar, and tinder: flavours from the north
Gallery
Selfies, solidarity and Hillary Clinton: Stefan Löfven on tour
Gallery
People-watching: November 19th
Society
Why are international professionals leaving Sweden?
Business & Money
Meet the Swedes who made suits for The Hunger Games
Technology
'I'm among the first Swedes with a microchip'
National
What is Sweden doing about bird flu?
Gallery
Property of the week: Eriksberg
National
Vecka45: Sweden's most innovative week
Gallery
In Pictures: The clubs and loves of Sweden's Sven-Göran Eriksson
Society
What's On in Sweden: November 13th to 20th
Gallery
People-watching: November 16th
National
Driving (expats) home for Christmas?
Lifestyle
Make your own Swedish pea soup
Politics
"Totally unacceptable": Defence Minister on Stockholm submarine
Sponsored Article
The best options for oversea transfers
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

844
jobs available
Swedish Down Town
Consulting & Productions

We are an innovative business company which provides valuable assistance with the Swedish authorities, Swedish language practice, and general communications.
Call 0731 004 781 or visit:
swedishdowntown.com
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
psdmedia.se
If you want to drink, that’s your business. If you want to stop, we can help.
Learn more about English-language Alcoholics Anonymous in Sweden. No dues. No fees. Confidentiality assured.
aa-europe.org/sweden
The Local Spain is hiring!
The Local is seeking a new editor for our site in Spain to join our growing team of internationally-minded, driven, ambitious and clued-up journalists.
Details and how to apply
Counselling and Psychotherapy in English
Sometimes living in another culture can cause stress, confusion and feelings of sadness and loneliness. Talking to a professional psychotherapist/counsellor might help you. I am a UKCP Reg. psychotherapist. My practice is in Södermalm, Stockholm.
Contact me to discuss your options