• Sweden's news in English
 

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
Sweden set for brief burst of spring sunshine
Photo: TT

Sweden set for brief burst of spring sunshine

April is a notoriously whimsical weather month and is set to take a turn for the better in Sweden as spring sunshine is set to make a return to many parts of the country . READ  

Swedish teens in hurry to leave home
A housing queue protest in Stockholm in April 2015. Photo: TT

Swedish teens in hurry to leave home

Swedish youngsters leave home earlier their European counterparts, surprising housing researchers. READ  

Swedish study explains coffee cancer link
Cutting cancer, one cup at a time. Photo: TT

Swedish study explains coffee cancer link

Swedish researchers have explained why drinking coffee is thought to lower the risk of contracting breast and other cancers. READ  

Zlatan's French rant ban reduced to three matches
Sweden's star striker Zlatan Ibrahimovic. Photo: Anders Wiklund/TT

Zlatan's French rant ban reduced to three matches

Controversial Swedish footballer Zlatan Ibrahimovic's ban for his foul-mouthed rant at a referee in which he blasted France as a “shit country” has been reduced from four matches to three, French newspaper Le Parisien reported on Friday. READ  

Syria: ‘most dangerous’ Isis leaders Scandinavian
President Assad. Photo: TT

Syria: ‘most dangerous’ Isis leaders Scandinavian

President Bashar al-Assad has thanked Sweden for taking in record numbers of refugees during the war, but warned about a growing danger from ‘Scandinavian’ Islamist extremists in his country. READ  

New Swedes picked for airport Hall of Fame
Fashion blogger Kenza Zouiten is one of the new faces. Photo: Fredrik Sandberg/TT

New Swedes picked for airport Hall of Fame

The new faces that are going to represent Sweden at the Stockholm Hall of Fame at Arlanda airport have been revealed. The gallery of famous Swedes is meant to reflect the country's contemporary icons, but this is its first update in almost nine years. READ  

Swedish Robocop star in Wikileaks email scandal
Joel Kinnaman, left, and his co-star Abblie Cornish in Robocop. Photo: AP Photo/Sony/Columbia Pictures/Kerry Hayes

Swedish Robocop star in Wikileaks email scandal

Sweden's hottest Hollywood star Joel Kinnaman is the latest name to emerge from a Wikileaks' publication of over 170,000 internal Sony Pictures emails stolen in a massive hacker attack last year, alongside one of the Pirate Bay founders and information about the fourth book in the famous Swedish Millennium series. READ  

Feminist leader to take sick leave for exhaustion
Sissela Nordling Blanco at Stockholm's City Hall. Photo: Magnus Hjalmarson Neideman/SvD/TT

Feminist leader to take sick leave for exhaustion

One of the leaders of the feminist party which came close to entering parliament in last year's Swedish election is set to take a break from politics following exhaustion symptoms, a spokesperson announced on Friday. But party figurehead Gudrun Schyman has told The Local that she will stay on. READ  

First 'city warehouse' in Scandinavia for Ikea
What the new store will look like. Photo: Ikea

First 'city warehouse' in Scandinavia for Ikea

Swedish furniture giant has announced plans to open its first 'city warehouse' in Scandinavia, with a massive new store set to be built in the centre of Copenhagen, as plans for a similar project in Stockholm remain in doubt. READ  

New defence deal agreed between Swedish parties
Swedish soldiers on a mission in Afghanistan. Photo: TT

New defence deal agreed between Swedish parties

UPDATED: Sweden's centre-left coalition government has agreed a new 10.2 billion kronor ($111.9 million) defence deal with three of the four parties that make up the opposition Alliance after days of debate. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
Features
What you can buy in Sweden for the price of a London shed
Stockholm School of Economics
Sponsored Article
"You may only do something once, but do it 100%"
National
What's on in Sweden this week
Swedish Hasbeens
Sponsored Article
Is the world wrong to connect Sweden with sexiness?
National
Swedes launch first donut into space
Blog updates

17 April

Editor’s blog, April 17th (The Local Sweden) »

"Hi readers, After several days of social media buzz about an upcoming announcement from Abba’s Björn Ulvaeus,..." READ »

 

15 April

Gång, timme, tid & dags (The Swedish Teacher) »

"Hej! In this article I will talk about “gång”, “timmar”, “dags” and “tid”, because they all translate..." READ »

 
 
 
Politics
Is Sweden returning to 1990s social democratic welfare politics?
National
Mamma Mia! Abba entertainment venue set to open in Stockholm
Gallery
People-watching: April 15th
National
Why Sweden is top place in the world for expats to raise children
National
Swedish 'submarine' was civilian boat
Sponsored Article
Want to study in Sweden? Read why Stockholm is the best choice
National
Why has a US town got pulled into a Swedish spelling row?
Gallery
Property of the week: Hovås, Gothenburg
National
What does Zlatan think of his ban?
Sponsored Article
Does far-north Sweden have to punch above its weight?
National
Swedish teenagers help rebuild Breivik massacre island
National
Would you live in a steel box?
National
How an act of kindness by one Syrian immigrant went viral
Gallery
People-watching: April 8th
National
Swedish bids for Billboard fame
National
Swedish monkeys denied Saudi visas
National
Sunny spring weather predicted
Sponsored Article
'Impossible' to run Skanska without Bromma Airport
National
Half of Swedes want begging ban
Gallery
Property of the week: Gotland
National
Why are expats less likely to settle down with Swedes?
Sport
What does Sweden think of Zlatan's recent outburst?
Society
Get to grips with Sweden's most bizarre Easter traditions
Gallery
People-watching: April 1st
National
The Local's best April Fools' gags
National
US spy agency to feature in new 'Stieg Larsson' book sequel
National
Beaver bite at Swedish bus stop
Gallery
Property of the week: Åreda
National
How this Syrian travelled to Sweden
Was Swedish TV host too harsh on nationalist leader Åkesson?
Sponsored Article
'Sweden must embrace openness and diversity'
Scandinavian airlines change cockpit rules after Germanwings crash
National
Sweden remembers Nobel laureate Tomas Tranströmer
Politics
Why petrol prices are going up
Gallery
People-watching: March 28th
Stieg Larsson's partner blasts Millennium trilogy sequel
Society
How to never miss your favourite weekly features on The Local
Gallery
People-watching: March 25th
National
Which words are changing in Sweden's latest dictionary?
National
Is this house 'un-Swedish'?
National
Sweden pays tribute to victims of Germanwings Alps crash
National
Neo-Nazi activity rising in Sweden
National
How to make Swedish Waffles
Gallery
Property of the week: Torslanda - Hjuvik
Sponsored Article
Ten tips for succeeding as a start-up in Sweden
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

3,342
jobs available
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
psdmedia.se