
Swedes uncover Disqus user security breach

David Landes · 12 Dec 2013, 15:15

Published: 12 Dec 2013 15:15 GMT+01:00


After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

Millions of Disqus users are at risk of having their identities exposed, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen), who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application programming interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet, SVT Debatt and The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something of a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users had been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hashes of email addresses from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.
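Why an unsalted MD5 of an email address, as described in the Disqus statement above, behaves as a stable public identifier rather than an anonymised field, shown next to a keyed per-site alternative and an allow-list for API output. This is an added example, not Disqus code; the record layout, field names, keys and example.com address are constructed assumptions.

```python
import hashlib
import hmac


def gravatar_style_hash(email: str) -> str:
    """Unsalted MD5 of the trimmed, lower-cased address (the Gravatar convention)."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def site_pseudonym(email: str, site_key: bytes) -> str:
    """Keyed alternative: HMAC-SHA256 under a secret that never leaves the server."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(site_key, normalized, hashlib.sha256).hexdigest()


def redact_author(record: dict, public_fields=("username", "date", "comment")) -> dict:
    """Allow-list serializer: only fields meant to be public leave the API."""
    return {k: v for k, v in record.items() if k in public_fields}


# Constructed sample data; the address and both keys are placeholders.
EMAIL = "Anna.Svensson@example.com"
SITE_A_KEY = b"constructed-secret-for-site-a"
SITE_B_KEY = b"constructed-secret-for-site-b"


def audit() -> dict:
    # A comment record as an API might return it, including the hash field.
    record = {
        "username": "anon_1234",
        "date": "2013-12-10",
        "comment": "(comment text)",
        "email_md5": gravatar_style_hash(EMAIL),
    }
    return {
        # No key is involved, so every site derives the same value for the
        # same address: the field links one person's accounts across sites.
        "md5_links_sites": gravatar_style_hash(" anna.svensson@EXAMPLE.com ")
        == record["email_md5"],
        # With per-site keys the derived values differ, and nobody without
        # the key can recompute them from a known address.
        "hmac_links_sites": hmac.compare_digest(
            site_pseudonym(EMAIL, SITE_A_KEY), site_pseudonym(EMAIL, SITE_B_KEY)
        ),
        # What remains once the serializer applies the allow-list.
        "public_fields": sorted(redact_author(record)),
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

The allow-list mirrors the fields Fredriksson describes as open data (date, username, comment); anything else, including derived values such as hashes, has to be added to it deliberately.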

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his team "didn't even use any account for this, and never had to agree on any terms of service."

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said. "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)
