
Swedes uncover Disqus user security breach

David Landes · 12 Dec 2013, 15:15

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen), who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application programming interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet and SVT Debatt, as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something of a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users had been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 email hash from its API.
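
Why an unsalted MD5 of an email address is a linkable identifier rather than an anonymous one, shown as an added example (not code from Disqus, Gravatar or the Research Group): a check a service operator could run on its own outgoing API records using its own test accounts. The field names `emailHash` and `avatarId`, the sample addresses, the secret and the HMAC-based replacement are assumptions made for illustration.

```python
import hashlib
import hmac

def gravatar_style_hash(email: str) -> str:
    """Unsalted MD5 of the trimmed, lower-cased address (Gravatar's convention)."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def keyed_avatar_id(email: str, secret: bytes) -> str:
    """Assumed alternative: HMAC-SHA256 under a secret that never leaves the server."""
    msg = email.strip().lower().encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def find_linkable_fields(record, test_emails):
    """Walk an outgoing API record and return {field_path: email} for every
    string value equal to the unsalted hash of one of our own test addresses."""
    lookup = {gravatar_style_hash(e): e for e in test_emails}
    hits = {}

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif isinstance(node, str) and node.lower() in lookup:
            hits[path] = lookup[node.lower()]

    walk(record, "")
    return hits

# Constructed sample data: test accounts and field names are hypothetical.
TEST_EMAILS = ["alice@example.com", "bob@example.com"]
SERVER_SECRET = b"constructed-demo-secret"

EXPOSED = {"message": "first!", "author": {
    "username": "anon_4711",
    "emailHash": gravatar_style_hash(" Alice@Example.com ")}}
HARDENED = {"message": "first!", "author": {
    "username": "anon_4711",
    "avatarId": keyed_avatar_id("alice@example.com", SERVER_SECRET)}}

if __name__ == "__main__":
    print("exposed :", find_linkable_fields(EXPOSED, TEST_EMAILS))
    print("hardened:", find_linkable_fields(HARDENED, TEST_EMAILS))
```

The exposed record is flagged because anyone can recompute the same digest from the address alone; the keyed identifier cannot be recomputed without the server-side secret.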

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.


Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his team "didn't even use any account for this, and never had to agree on any terms of service".

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said. "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)
