
Swedes uncover Disqus user security breach

David Landes · 12 Dec 2013, 15:15

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There are millions of Disqus users whose identities are at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen), who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application programming interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet, SVT Debatt and The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something of a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users had been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 email hash from its API.
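Why an unsalted MD5 of an email address acts as a stable, linkable identifier rather than as anonymisation, shown as an added example (not code from Disqus, Gravatar or the Research Group): a site operator seeds a test account and checks whether any field in its public comment records equals the bare MD5 of that account's address. The record field names, the test address and the per-site key are constructed for illustration, and the HMAC variant is one possible mitigation, not something the article says Disqus adopted.

```python
import hashlib
import hmac


def gravatar_style_hash(email: str) -> str:
    """Unsalted MD5 of the trimmed, lower-cased address (Gravatar's convention)."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def keyed_pseudonym(email: str, site_key: bytes) -> str:
    """HMAC-SHA256 under a per-site secret; cannot be recomputed without the key."""
    msg = email.strip().lower().encode("utf-8")
    return hmac.new(site_key, msg, hashlib.sha256).hexdigest()


def leaky_fields(record: dict, test_email: str) -> list:
    """Names of fields whose value is the bare MD5 of the seeded test address."""
    target = gravatar_style_hash(test_email)
    return sorted(k for k, v in record.items()
                  if isinstance(v, str) and v.lower() == target)


def same_person(rec_a: dict, rec_b: dict, field: str = "email_hash") -> bool:
    """True when two records carry the same identifier despite different names."""
    return field in rec_a and rec_a.get(field) == rec_b.get(field)


# Constructed sample data: one test address commenting under two pseudonyms.
TEST_EMAIL = "Audit.Account@example.org"
SITE_A = {"author": "anon_fox", "message": "first",
          "email_hash": gravatar_style_hash(TEST_EMAIL)}
SITE_B = {"author": "quiet_owl", "message": "second",
          "email_hash": gravatar_style_hash(" audit.account@example.org ")}
# Hypothetical hardened record: identifier keyed with a secret the site keeps.
HARDENED = {"author": "anon_fox", "message": "first",
            "author_id": keyed_pseudonym(TEST_EMAIL, b"constructed-site-a-key")}


if __name__ == "__main__":
    print("site A leaky fields:", leaky_fields(SITE_A, TEST_EMAIL))
    print("pseudonyms linkable across sites:", same_person(SITE_A, SITE_B))
    print("hardened leaky fields:", leaky_fields(HARDENED, TEST_EMAIL))
```

Because the hash depends only on the address, the two pseudonyms collapse to one identifier, while the keyed value differs per site and cannot be checked by anyone who lacks the key.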

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his team "didn't even use any account for this, and never had to agree on any terms of service".

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)
