Swedes uncover Disqus user security breach
A screengrab from the Disqus debate tool website.

Published: 12 Dec 2013 15:15 GMT+01:00
Updated: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

Millions of Disqus users are at risk of having their identities exposed, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen), who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application programming interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet, SVT Debatt and The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something of a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users had been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 email hashes from its API.
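An added illustration (not code from Disqus, Gravatar or the Research Group) of why an unsalted MD5 of an email address behaves as a cross-site identifier rather than an anonymous token, shown beside a site-keyed HMAC that does not link accounts. The addresses, pseudonyms, site names and keys are constructed; the weak hash follows Gravatar's convention of MD5 over the trimmed, lower-cased address.

```python
import hashlib
import hmac
from collections import defaultdict

def gravatar_style_hash(email: str) -> str:
    # Unsalted MD5 of the trimmed, lower-cased address: same input, same output everywhere.
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def site_scoped_token(email: str, site_key: bytes) -> str:
    # Hardened form: HMAC-SHA256 under a secret that only one site holds.
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(site_key, normalized, hashlib.sha256).hexdigest()

def linked_identities(records):
    # Group (site, pseudonym, identifier) rows by identifier and keep the
    # identifiers that tie together more than one (site, pseudonym) pair.
    groups = defaultdict(set)
    for site, pseudonym, identifier in records:
        groups[identifier].add((site, pseudonym))
    return {ident: names for ident, names in groups.items() if len(names) > 1}

def candidate_confirmed(exposed_hash: str, candidate_email: str) -> bool:
    # No key is involved, so anyone holding the hash can test a guessed address.
    return hmac.compare_digest(exposed_hash, gravatar_style_hash(candidate_email))

# Constructed sample data: one person commenting under two pseudonyms on two sites.
EMAIL = "Alice@Example.com "
KEYS = {"news-site.example": b"constructed-key-A", "forum.example": b"constructed-key-B"}
ACCOUNTS = [("news-site.example", "nightowl77"), ("forum.example", "anon_4821")]

def build_records(identifier_for):
    # identifier_for(site) returns the value an API would expose for that site.
    return [(site, name, identifier_for(site)) for site, name in ACCOUNTS]

WEAK = build_records(lambda site: gravatar_style_hash(EMAIL))
HARDENED = build_records(lambda site: site_scoped_token(EMAIL, KEYS[site]))

if __name__ == "__main__":
    print("weak design links:", linked_identities(WEAK))
    print("hardened design links:", linked_identities(HARDENED))
    print("guess confirmed:", candidate_confirmed(WEAK[0][2], "alice@example.com"))
```

With the MD5 field, both pseudonyms collapse onto one identifier and a guessed address can be confirmed offline; with per-site keyed tokens neither is possible without the site's key.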

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his team "didn't even use any account for this, and never had to agree on any terms of service".

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said. "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)
