• Sweden edition
 
Swedes uncover Disqus user security breach
A screengrab from the Disqus debate tool website.

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
National
Swedes' blonde only school photo goes viral
Student Patricia Spång Lundahl holds the sign 'Jimmie sent the rest home' in the protest school photo. Photo. Private

Swedes' blonde only school photo goes viral

A protest school photo by Swedish students to highlight the anti-immigration polices of the Sweden Democrats has generated a storm on social media. READ  

National
Rush hour chaos after train signal failure
The signal failure is affecting the service between Södertälje and Stockholm. Photo: Thomas Eneborg/TT

Rush hour chaos after train signal failure

Passengers travelling to and from the Swedish capital were forced to make alternative travel arrangements on Friday morning after a signal failure ground the rail service between Södertälje and Stockholm to a standstill. READ  

International
Israel ambassador to make Sweden return
Isaac Bachman, Israel's ambassador to Sweden. Photo: Claudio Bresciani/TT

Israel ambassador to make Sweden return

Isaac Bachman will come back to Stockholm on November 29th stating that it was a "compromise" when he was recalled to Israel following Sweden's decision to recognize Palestine. READ  

Food
How to make Swedish mulled wine
Swedish mulled wine served the traditional way. Photo: Claudio Bresciani/TT

How to make Swedish mulled wine

Come colder days, Swedes rely on one drink in particular to warm them up again: glögg. The beverage has been a Christmas tradition in Sweden since the 1890s. The shops are already packed with the stuff, but why not make your own? John Duxbury shares his favourite recipe with The Local. READ  

International
Sweden to implement Unicef rights of child law
Prime Minister of Sweden Stefan Löfven sits next to Queen Silvia of Sweden during high level meetings at U.N. headquarters on Thursday, Nov. 20, 2014. AP Photo/Bebeto Matthews

Sweden to implement Unicef rights of child law

Prime Minister Stefan Löfven has said that the government will incorporate the Unicef convention on the rights of the child into Swedish law, following talks in New York during his state visit. READ  

Interview
Umeå museum rewrites Swedish history
The Women's History Museum is part of Umeå's new cultural centre (white building). Photo: Karl Jóhannesson/Flickr

Umeå museum rewrites Swedish history

Sweden's first women's history museum opens in Umeå this weekend. Deviating from traditional history, it aims to raise questions about sex, power, and identity. But can the concept pull more female - and male - visitors to the region? The Local asked director Maria Perstedt. READ  

Business
Phone 'contracts' cut by Sweden's Tele2
Photo: TT

Phone 'contracts' cut by Sweden's Tele2

One of Sweden's biggest mobile companies is scrapping long term call and data contracts for customers as part of what it says is the biggest change in the Swedish telecoms industry for 20 years. READ  

Sport
1.6 million Swedes are reeled in by fishing
Photo: Lief R Jansson/TT

1.6 million Swedes are reeled in by fishing

Fishing is one of Sweden's most popular hobbies in 2014, according to 'surprise' new figures released by Statistics Sweden. READ  

Julian Assange
Court rejects Assange arrest warrant appeal
Julian Assange. Photo: TT

Court rejects Assange arrest warrant appeal

A Stockholm court has upheld an arrest order for Julian Assange who is wanted for questioning over alleged sex crimes in Sweden. His lawyer has told The Local that he now plans to take the case to Sweden's Supreme Court. READ  

Julian Assange
Timeline: Julian Assange sex allegations
Julian Assange following a court hearing in 2010. Photo: TT

Timeline: Julian Assange sex allegations

Wikileaks founder Julian Assange is fighting extradition to Sweden where he is facing sex assault allegations. The Local looks at the key points in his case so far. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
National
Timeline: Julian Assange sex allegations
Sponsored Article
Introducing... Family life in Stockholm
Lifestyle
Five unique backpacker hostels in Stockholm
National
How to boost your career in Skåne, Sweden's south
National
Bones show off Sweden's history
Blog updates

19 November

Coffee in Stockholm (Blogweiser) »

" Stockholm is full of quaint little cafés. I go to none of these. For coffee, I..." READ »

 

14 November

Editor’s blog, November 14th (The Local Sweden) »

"Hi readers, We’ve had a hectic Friday covering the Swedish military’s announcement that there was definitely a..." READ »

 
 
 
National
What new word are Swedes voting on?
National
Why African Swedes are angry about Santa's helper
National
Pine, tar, and tinder: flavours from the north
Gallery
Selfies, solidarity and Hillary Clinton: Stefan Löfven on tour
Gallery
People-watching: November 19th
Society
Why are international professionals leaving Sweden?
Business & Money
Meet the Swedes who made suits for The Hunger Games
Technology
'I'm among the first Swedes with a microchip'
National
What is Sweden doing about bird flu?
Gallery
Property of the week: Eriksberg
National
Vecka45: Sweden's most innovative week
Gallery
In Pictures: The clubs and loves of Sweden's Sven-Göran Eriksson
Society
What's On in Sweden: November 13th to 20th
Gallery
People-watching: November 16th
National
Driving (expats) home for Christmas?
Lifestyle
Make your own Swedish pea soup
Politics
"Totally unacceptable": Defence Minister on Stockholm submarine
Society
The A-Ö guide to making life in Sweden easier
National
How a Swedish party inspired a masterpiece
National
Seen the new Ace of Base yet?
National
Meet the Irish woman thundering into Swedish rock
Gallery
In Pictures: Ace of Base through the years
Society
Ten things you should never say to a Swede
Gallery
People-watching: November 12th
Business & Money
Get your own office in Gothenburg or Stockholm - free for a day
National
Opinion: 'We have to talk about Sweden's Isis fighters'
Business & Money
Price hike for new mortgages in Sweden
National
Toy store catalogues 'too white' in Sweden
National
Pirate Bay co-founder released from prison
National
Southern Sweden had 201 days of summer
Gallery
Sweden's ten most powerful people
Gallery
Property of the week: Mariestad
National
Introducing... Healthcare in Stockholm
National
What you need to know about Stockholm hospital bug epidemic
Lifestyle
Young Serbian shouts for students in Sweden
Lifestyle
How to make your own chocolate kladdkaka
Gallery
People-watching: November 9th
Lifestyle
What's On in Sweden: November 7th - 14th
Society
The Local's Oliver Gee tries out Stockholm's 'therapy taxis'
Sponsored Article
The best options for oversea transfers
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

826
jobs available
Swedish Down Town Consulting & Productions
Swedish Down Town Consulting & Productions is an innovative business company which provides valuable assistance with the Swedish Authorities, Swedish language practice and general communications. Call 073-100 47 81 or visit:
swedishdowntown.com
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
psdmedia.se
If you want to drink, that’s your business.
If you want to stop, we can help.

Learn more about English-language Alcoholics Anonymous in Sweden. No dues. No fees. Confidentiality assured.
aa-europe.org/sweden
The Local Spain is hiring!
The Local is seeking a new editor for our site in Spain to join our growing team of internationally-minded, driven, ambitious and clued-up journalists
Click here for the full job description