Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00
Updated: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identities were at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen), who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application programming interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet, SVT Debatt and The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something of a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users had been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.
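
The hash Roy describes is unkeyed and deterministic, so anyone who already holds a candidate address can recompute it and confirm a match against a published value. The sketch below is an added illustration, not Disqus code: the record fields, addresses and key are constructed, and the keyed HMAC token is an assumed hardening, not the change Disqus announced.

```python
import hashlib
import hmac


def md5_email_hash(email: str) -> str:
    """Gravatar-style identifier: MD5 of the trimmed, lower-cased address."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def keyed_email_token(email: str, server_key: bytes) -> str:
    """Assumed hardening: HMAC-SHA256 under a key that never leaves the server."""
    msg = email.strip().lower().encode("utf-8")
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def confirmable(records, field, candidates, hash_fn):
    """Map pseudonym -> address for records whose `field` equals hash_fn(candidate)."""
    lookup = {hash_fn(addr): addr for addr in candidates}
    return {r["author"]: lookup[r[field]] for r in records if r[field] in lookup}


# Constructed sample data: two pseudonymous accounts as a public API might return them.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
ACCOUNTS = [("anon_commenter_1", "Alice@example.com"),
            ("anon_commenter_2", "bob@example.org")]
RECORDS = [{"author": name,
            "email_md5": md5_email_hash(addr),
            "avatar_token": keyed_email_token(addr, SERVER_KEY)}
           for name, addr in ACCOUNTS]
# Addresses a third party already knows from some other source (constructed).
CANDIDATES = ["alice@example.com", "carol@example.net"]


def audit():
    """Return (matches via the MD5 field, matches via the keyed field)."""
    weak = confirmable(RECORDS, "email_md5", CANDIDATES, md5_email_hash)
    # Without SERVER_KEY the third party cannot reproduce the token.
    guess = lambda addr: keyed_email_token(addr, b"outsider-guess")
    hardened = confirmable(RECORDS, "avatar_token", CANDIDATES, guess)
    return weak, hardened


if __name__ == "__main__":
    print(audit())
```

A keyed token cannot be handed to Gravatar directly, so a service taking this route would have to resolve avatars server-side.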

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his team "didn't even use any account for this, and never had to agree on any terms of service".

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said. "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)
