• Sweden edition
 
Swedes uncover Disqus user security breach
A screengrab from the Disqus debate tool website.

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00
Updated: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
National
King Carl XVI Gustaf opens parliament
King Carl XVI Gustaf arriving on Tuesday afternoon. Photo: TT

King Carl XVI Gustaf opens parliament

BREAKING: Sweden's post-election parliament is meeting for the first time following a fanfare opening from King Carl XVI Gustaf. READ  

International
Sweden slammed for ecological footprint
Sweden should increase its renewable energy according to WWF. Photo:TT

Sweden slammed for ecological footprint

Sweden is among the world's top ten polluters according to one of the largest scientific studies looking at the impact of humans on earth, produced by the WWF. READ  

Society
Swede's necklace found after 52 years in lake
Ing-Marie Olofsson whose necklace was found. Photo: Private

Swede's necklace found after 52 years in lake

A 66-year-old Swedish woman got the surprise of her life when a fisherman returned the necklace she dropped in a lake at the age of 14. READ  

International
Apology for Swedish model's stolen photos
Malin Sahlén during a Top Model shoot. Photo: TV3/Nina Holma

Apology for Swedish model's stolen photos

A British newspaper has apologised after a freelance journalist stole a Sweden's Next Top Model contestant's photo and created a fake Twitter account used to trick a UK minister. READ  

Brand stories
Johanna N: beautiful jewellery with a story

Johanna N: beautiful jewellery with a story

Aged just 27 and already living off of her own designs, some may consider Johanna Nilsson lucky. But she doesn't believe in luck. She's the founder of a jewellery line blending sustainability, subtle style, and Scandinavian simplicity - and it's taking the world by storm. READ  

Sport
Heel injury sidelines Zlatan in Barcelona clash
Photo: AP

Heel injury sidelines Zlatan in Barcelona clash

Paris Saint-Germain star Zlatan Ibrahimovic will miss Tuesday's Champions League clash with Barcelona at the Parc des Princes due to a nagging heel problem, the French club have confirmed. READ  

National
Stockholm patient tests negative after Ebola fears
The Infection Clinic at the Karolinska University Hospital in Huddinge. Photo: TT

Stockholm patient tests negative after Ebola fears

A patient in a Stockholm hospital who was suspected of having contracted the Ebola virus was given the all clear on Tuesday morning. READ  

Elections 2014
New coalition agrees on defence and migration
A Jas Gripen. Photo: TT

New coalition agrees on defence and migration

UPDATED: The Green Party has committed itself to expanding Sweden's defence force, while the Social Democrats have compromised on work permits for migrants. READ  

National
Fresh Ebola case investigated in Sweden
The patient is being treated at the Karolinska University Hospital. Photo: TT

Fresh Ebola case investigated in Sweden

Doctors in Stockholm are checking a patient suspected of having contracted the Ebola virus. READ  

Elections 2014
Sweden Democrat wins Deputy Speaker spot
Björn Söder. Photo: TT

Sweden Democrat wins Deputy Speaker spot

Despite most Members of Parliament abstaining from voting, Sweden Democrat party secretary Björn Söder has been announced as one of Sweden's new Deputy Speakers. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
National
Swedish scientists sneak Bob Dylan lyrics into articles
Lifestyle
The five best Swedish songs of the month
Gallery
People-watching: September 28th
National
When Italian style meets Swedish simplicity
Lifestyle
Review: Sweden's first alcohol-free nightclub
Blog updates

28 September

Spoiled Doyle (Blogweiser) »

"What you gotta watch out for in Sweden is the good stuff. http://www.youtube.com/watch?v=Re_EzUe6xpI In Sweden, it’s the good things you have to watch out for. Video on @TheLocalSweden http://t.co/rAb8eGFdTD pic.twitter.com/w37YYwMXy1 — Joel Sherwood (@joeldsherwood) September 29, 2014 " READ »

 

26 September

 (The Local Sweden) »

"Hi readers, Autumn swept into Sweden at the start of this week with snow in the north of the country and flooding in the south. As well as a change in the weather, Sweden’s change in political direction became clearer, with Social Democrat leader Stefan Lofven formally announcing his party would work with the Greens as..." READ »

 
 
 
Gallery
In Pictures: The MS Estonia disaster
Lifestyle
Ten things expat women notice in Sweden
Politics
What's next on Sweden's political stage?
Gallery
Sweden's 2014 election: Most memorable moments
Society
What's on in Sweden
Gallery
People-watching: September 24th
Seaman Oliver Gee with his first lobster
Lifestyle
How to catch the first lobster of the year
Gallery
In Pictures: Fredrik Reinfeldt through the years.
Society
Plucked out of Canada for love and guitars
Gallery
Property of the week - Torslanda
Politics
How Sweden Democrats went mainstream
Politics
Scandinavia and Scotland: closer links?
Sponsored Article
How to start a business in Stockholm
Society
Why is Stockholm's Södermalm so cool?
Politics
Sweden elections: Who's who?
Sponsored Article
Introducing… Insurance in Stockholm
Gallery
Princess Estelle through the years
Business & Money
Five golden rules for the Swedish job hunt
Society
A closer look at Sweden's five official minority languages
Politics
Sweden elections: How do they work?
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

877
jobs available
Swedish Down Town Consulting & Productions
Swedish Down Town Consulting & Productions is an innovative business company which provides valuable assistance with the Swedish Authorities, Swedish language practice and general communications. Call 073-100 47 81 or visit:
www.swedishdowntown.com
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
http://psdmedia.se
If you want to drink, that’s your business.
If you want to stop, we can help.

Learn more about English-language Alcoholics Anonymous in Sweden. No dues. No fees. Confidentiality assured.
AA-EUROPE.ORG/SWEDEN