• Sweden edition
 
Swedes uncover Disqus user security breach
A screengrab from the Disqus debate tool website.

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00
Updated: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
Sport
Sweden's star striker Zlatan 'recovering well'
Zlatan Ibrahimovic is Sweden's top scorer in history. PHOTO: TT/Maja Suslin

Sweden's star striker Zlatan 'recovering well'

Zlatan Ibrahimovic is recovering well from the nagging heel problem that has stopped him playing for Sweden during its Euro 2016 qualifying campaign. READ  

International
Swedish sisters create viral Syria stir
A shot from the video on YouTube.

Swedish sisters create viral Syria stir

Two sisters from Södertälje near Stockholm are celebrating getting more than 1.3 million hits on YouTube, with a video calling for peace in war-torn Syria. READ  

Pirate Bay
Pirate Bay founder gets three years in prison
A 2013 image of Svartholm Warg. Photo: TT

Pirate Bay founder gets three years in prison

Swedish "hactivist" Gottfrid Svartholm Warg has been sentenced to three-and-a-half years in prison for hacking crimes. READ  

Royal family
Princess Madeleine to make Nobel comeback
Princess Madeleine at a previous Nobel banquet. Photo: TT

Princess Madeleine to make Nobel comeback

Sweden's Princess Madeleine is scheduled to appear at the Nobel Festival in Stockholm in December, after taking time out from her royal duties to focus on looking after her daughter. READ  

Politics
'We knew that Israel would be critical'
Foreign Minister Margot Wallström (left), with Sweden's Prime Minister Stefan Löfven. Photo: TT

'We knew that Israel would be critical'

Sweden's Foreign Minister has told The Local she respects Israel's decision to recall its ambassador after Sweden officially recognized the State of Palestine, and laughed off comments about IKEA furniture made by her Israeli counterpart. READ  

Analysis
'Store up your sunlight hours before winter'
Doctors say we should make the most of the autumn sunshine. Photo: Shutterstock

'Store up your sunlight hours before winter'

Spending time outdoors this autumn will help you survive a cold, dark Swedish winter. Baba Pendse, Head of Psychiatry at Lund University shares his top tips for battling the seasonal blues with The Local. READ  

Sports
Plot for shared Scandi Winter Olympic bid
Skiers hit the slopes in Åre, western Sweden. Photo: TT

Plot for shared Scandi Winter Olympic bid

Norwegian sports officials have said they want to co-host the winter Olympics with Sweden in 2026. But there has so far been no official response from Sweden. READ  

National
Anti-Israel graffiti 'not a race crime': Court
Photo: TT

Anti-Israel graffiti 'not a race crime': Court

A teenage boy who painted anti-Israel slogans and symbols on the Concert Hall in Gothenburg has been convicted for the damages he caused, but he walked free from racial agitation charges. READ  

Entertainment
A closer look at Sweden's rising stars
Swedish actresses Sandra Huldt and Julia Ragnarsson. Julia (right) has been nominated for a Rising Star award. Photo: TT

A closer look at Sweden's rising stars

Like to be ahead of the game when it comes to the next big thing on the silver screen? We find out more about the Swedish nominees for the Rising Star award to be presented at Stockholm's International Film Festival next week. READ  

Science
Swedish women in two-year sex pill study
Contraceptive pills have been linked to mood swings. Photo: Shutterstock

Swedish women in two-year sex pill study

Three hundred women from across Sweden are taking part in a study designed to demonstrate that modern contraceptive pills don't lead to decreased libido or mood swings. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
Lifestyle
Stockholm's shocking take on Halloween
Sport
Top ten quotes from Zlatan Ibrahimovic
Business & Money
Get your own office in Gothenburg or Stockholm - free for a day
Gallery
People-watching: October 30th
National
Sweden remains fourth best for gender equality
Blog updates

31 October

Editor’s Blog, October 31st (The Local Sweden) »

"Hello readers, Welcome to our latest 60-second round-up of the week’s news. First, Sweden made headlines around the..." READ »

 

29 October

Scariest day (Blogweiser) »

"This is what’s frightening me on Halloween. http://www.youtube.com/watch?v=D4OFZVCu8J0&list=UUJu5J7jG4uoYSjWbpFsJBuQ Follow my posts on FB. ..." READ »

 
 
 
National
Timeline: Julian Assange sex allegations
Sport
World Cup ski race on 'fake' Stockholm slope
Society
An Arctic tradition: hunting and handicraft
Society
Stockholm taxis offer free therapy sessions
National
The Local meets Health Minister Gabriel Wikström
Gallery
Property of the week: Österåker
Society
Homeless turtles get Stockholm police ride
National
Construction worker has 'Sweden's best beard'
National
Italian musician jazzes up Sweden's Lapland
Gallery
Zlatan's career in pictures
Finest.se
Gallery
People-watching: October 25th and 26th
Lifestyle
'Swedes are funnier than they think'
National
Swedish town 'like Venice' after heavy rains
Lifestyle
What's On in Sweden: October 24th - 31st
Gallery
People-watching: October 22nd
Gallery
In Pictures: Prince Carl Philip and Sofia Hellqvist
Lifestyle
Eight things to love about renting a Swedish apartment
National
Vasa ship cannon blasted in Sweden
National
Sub hunt: Day-by-day
National
Sub hunt: Stockholm islanders share their fears with The Local
Sponsored Article
The best options for oversea transfers
National
Dentist gives free care to Roma beggars
Gallery
Property of the week: Malmö
Gallery
PHOTOS: 'Foreign activity' in Swedish waters
TT
Society
QUIZ: How good is your Swedish?
Society
The nudity... and nine other things expat men notice in Sweden
Gallery
People-watching: October 15th
Gallery
Your views: Should outdoor smoking be banned in Sweden?
Business & Money
Sweden has 'large hole' in finances
Sponsored Article
Introducing... Finding a job in Stockholm
Society
Monster salmon caught in northern Sweden
Gallery
Property of the week: Lorensberg
National
Scandinavia's child bride
National
Ebola crisis: How is Sweden preparing?
Business & Money
How Sweden is becoming a cashless society
Gallery
Stockholm Burlesque Festival 2014
National
How a little red horse became a symbol for Sweden
Gallery
People-watching: October 12th
Business & Money
The hottest start-ups from southern Sweden
National
Stockholm is 'best' region for well-being
Sponsored Article
How to catch the first lobster of the year
Team SCA
Sponsored Article
All-female SCA team takes off on Volvo Ocean Race
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

989
jobs available
Swedish Down Town Consulting & Productions
Swedish Down Town Consulting & Productions is an innovative business company which provides valuable assistance with the Swedish Authorities, Swedish language practice and general communications. Call 073-100 47 81 or visit:
www.swedishdowntown.com
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
http://psdmedia.se
If you want to drink, that’s your business.
If you want to stop, we can help.

Learn more about English-language Alcoholics Anonymous in Sweden. No dues. No fees. Confidentiality assured.
AA-EUROPE.ORG/SWEDEN