• Sweden's news in English
 

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
Lukewarm support for 'alternative pride march'
Participants were outnumbered by some 100 counter-demonstrators. Photo: Bertil Ericson/TT

Lukewarm support for 'alternative pride march'

Fewer than a couple of dozen demonstrators turned up to walk in a controversial gay rights parade organized by far-right campaigners in Sweden on Wednesday, according to police. READ  

Swedish police probe mysterious powder
A Swedish police car. File photo: Mikael Fritzon/TT

Swedish police probe mysterious powder

UPDATED: Suspicious white powder sent to Sweden's public broadcaster SVT's offices in Blekinge has been found to be harmless, a police spokesperson told The Local on Wednesday afternoon. READ  

Hedgehogs 'kicked like footballs' in Sweden
The centre suspects that at least ten of the 118 hedgehogs the centre has taken in so far this year have been hurt by people. File photo: Drago Prvulovic/Scanpix

Hedgehogs 'kicked like footballs' in Sweden

Shocking reports from a rescue centre in western Sweden about cruel abuse of hedgehogs have put the Nordic country's reputation as an animal-friendly nation in a different light. READ  

Swedish streaming site to shut down after raid
Swefilmer administrator Ola Johansson has announced that the site will close for good on Friday July 31st. Photo: Vilhelm Stokstad / TT

Swedish streaming site to shut down after raid

A popular Swedish film-streaming site has announced that it will shut down after police arrested and searched the home of one of the site’s administrators. READ  

Sweden sitcom pulled over 'craptastical' ratings
Welcome to Sweden actors Lena Olin, Greg Poehler and Josephine Bornebusch. Photo: Nora Lorek/TT

Sweden sitcom pulled over 'craptastical' ratings

The creator of 'Welcome to Sweden' has announced that NBC has cancelled the Swedish-American sitcom in the US because of "craptastically low ratings". READ  

Salvagers deny Swedish sub wreck was PR stunt
Ocean X Team members Peter Lindberg and Dennis Åsberg. Photo: Ocean X Team

Salvagers deny Swedish sub wreck was PR stunt

Speculation was running high on Wednesday over the discovery of a wrecked submarine off the coast of Sweden, after the military said it was likely a Russian vessel which ran aground a century ago. READ  

The Local List
Nine ways to become a truly Swedish woman
How to become a Swedish woman. Photo: Susanne Walström/imagebank.sweden.se

Nine ways to become a truly Swedish woman

Have you ever paid for yourself on a date - or yelled at a man for whistling at you on the street? Then you may be more typically Swedish than you think. We’ve put together a list of nine experiences that make a truly Swedish woman. READ  

Malmö police shortages 'putting public at risk'
Police investigating the latest in a series of explosions in Malmö on Sunday. Photo: Johan Nilsson/TT

Malmö police shortages 'putting public at risk'

Malmö's summer of violence coupled with police staff shortages over the holiday season could be putting the public at risk in Sweden's third biggest city, a police union said on Wednesday. READ  

Swedish sub wreck an imperial Russian vessel
A Som class submarine similar to the one believed to have been found in Swedish waters. Photo: Wikimedia Commons

Swedish sub wreck an imperial Russian vessel

UPDATED: A wrecked submarine found off the coast of Sweden is likely a Russian vessel that ran aground a century ago, the Swedish Armed Forces told The Local on Tuesday afternoon. READ  

Analysis
Why are Swedes so scared of Russian subs?
Not the Russian submarine mentioned in the article. Photo: AP Photo/Dmitry Lovetsky

Why are Swedes so scared of Russian subs?

UPDATED: News a wrecked Russian submarine had been found in Swedish waters stirred debate in Sweden on Tuesday - nine months after another high-profile hunt for a mystery underwater vessel. The Local asked an expert about the Swedes' seeming obsession with Russian submarines. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
National
Why are Swedes so scared of Russian submarines?
Lifestyle
New snaps of Sweden's baby prince
National
Free bus cards for refugees in Sweden
Gallery
Property of the week: Simrishamn, Skåne
National
Why has Snoop Dogg said he will never return to Sweden?
Blog updates

24 July

Editor’s blog, July 24th (The Local Sweden) »

"Dear readers, Our most read story this week was our tongue-in-cheek guide on how to become a..." READ »

 

15 July

Climate Change: A New Risk Assessment (The Diplomatic Dispatch) »

"Climate change is one of the most serious threats facing the world today.   The UK is..." READ »

 
 
 
Sponsored Article
Getting pregnant the Swedish way
Features
Five outrageously harsh tourist comments about Sweden
Sponsored Article
Why is Sweden still working with Russia?
Gallery
People-watching: July 24th-26th
Travel
Seven ways to beat the Swedish rain
National
Should Sweden's alcohol stores be open on weekends?
National
How to become a Swedish man
Gallery
People-watching: July 22nd
Lifestyle
How to never miss your favourite features on The Local
National
Royal husband on 'breadwinner' role
National
Stockholm to ban all cars for one day
Sponsored Article
Outsourcing drives Apreel's Europe growth
Gallery
Property of the week: Sölvesborg, Blekinge
National
Questions over who would replace Swedish PM in a crisis
Gallery
IN PICTURES: July summer snaps
Gallery
People-watching: July 17th-19th
National
Why are Swedish women joining Isis?
Travel
Ten Stockholm streets you just have to walk down
Sponsored Article
'Swedish women must demand their partners use a condom'
Sport
Did UK football parents threaten Swedish kids?
Technology
Stockholm scientists find world's oldest sperm
Gallery
People-watching: July 15th
National
Angry Swede uses bird nest as fake speed camera
National
Meatball row as Ikea changes recipe
National
Sweden's new princess in spotlight
National
Slimy slugs go on sale to raise cash for EU migrants in Sweden
National
Crown Princess Victoria turns 38
Sponsored Article
Harstena: Life in Sweden's secret archipelago
National
Is this the best marriage proposal story in Malmö's history?
Sponsored Article
'Biofuels critical for climate-friendly flights'
Sponsored Article
Gaps don't have to kill your Swedish CV
National
Why summer could be the best time to invest in a Swedish property
Gallery
Property of the week: Bollnäs, Hälsingland
National
Swedish house on sale for one krona
National
Would you give this ugly food a home?
Gallery
People-watching: July 10th-12th
Travel
Foreign hikers in Sweden set to get more help in English
National
Prince Nicolas enjoys first summer
National
Meet the amazing Swedish granny who loves theme parks
National
Stockholm to host Eurovision 2016
Travel
Five quirky summer tours in Sweden
Gallery
People-watching: July 8th
National
Is this Sweden's biggest burger?
Business & Money
How Greece is affecting Sweden
Sponsored Article
'Swedish industry needs US trade deal'
National
Hundreds mourn teen Swedish murder victim
Sponsored Article
Sweden's 'incredible' chance to connect
Sponsored Article
'Today's refugees could be tomorrow's Zlatan'
Sponsored Article
Crans-Montana: International expat hub
Sponsored Article
‘I don’t feel Swedish, I feel international’
Sponsored Article
VIP Mingle at Almedalen's hottest event
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

3,304
jobs available
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
psdmedia.se