Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identities were at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen), who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application programming interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet, SVT Debatt and The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something of a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users had been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 email hash from its API.
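The exposure described above can be checked for on the publishing side. The following is an added example, not code from Disqus or the Research Group: it scans an API response for any field that is an unsalted digest of the account's email address. The field names `emailHash` and `avatarToken`, the sample records and the keyed-token replacement are assumptions made for illustration, and a keyed token would not work with Gravatar, which expects the plain MD5.

```python
import hashlib
import hmac

# Unsalted digests an API might expose; MD5 is the one named in the article.
DIGESTS = ("md5", "sha1", "sha256")


def normalise(email):
    """Gravatar-style normalisation: trim whitespace and lowercase."""
    return email.strip().lower()


def email_digests(email):
    """Map each unsalted hex digest of the normalised address to its algorithm."""
    data = normalise(email).encode("utf-8")
    return {hashlib.new(name, data).hexdigest(): name for name in DIGESTS}


def find_email_derived_fields(payload, email, path="$"):
    """Walk a decoded JSON payload and return (path, algorithm) for every
    string value that equals an unsalted digest of the account's address."""
    known = email_digests(email)
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            hits += find_email_derived_fields(value, email, f"{path}.{key}")
    elif isinstance(payload, list):
        for i, value in enumerate(payload):
            hits += find_email_derived_fields(value, email, f"{path}[{i}]")
    elif isinstance(payload, str) and payload.lower() in known:
        hits.append((path, known[payload.lower()]))
    return hits


def keyed_avatar_token(email, server_key):
    """Hypothetical replacement: an HMAC that only the key holder can recompute."""
    return hmac.new(server_key, normalise(email).encode("utf-8"), hashlib.sha256).hexdigest()


# Constructed sample data, not real Disqus output.
ACCOUNT_EMAIL = " Commenter@Example.org "
LEAKY = {"author": {"name": "anon123",
                    "emailHash": hashlib.md5(b"commenter@example.org").hexdigest()},
         "message": "first!"}
FIXED = {"author": {"name": "anon123",
                    "avatarToken": keyed_avatar_token(ACCOUNT_EMAIL, b"constructed-server-key")},
         "message": "first!"}

if __name__ == "__main__":
    print(find_email_derived_fields(LEAKY, ACCOUNT_EMAIL))  # flags the MD5 field
    print(find_email_derived_fields(FIXED, ACCOUNT_EMAIL))  # nothing to flag
```

Run against real responses in a test suite, a non-empty result means the public payload carries a value that anyone holding a candidate address can recompute and match.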

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his team "didn't even use any account for this, and never had to agree on any terms of service".

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said. "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)
