• Sweden edition
 
Swedes uncover Disqus user security breach
A screengrab from the Disqus debate tool website.

Swedes uncover Disqus user security breach

Published: 12 Dec 2013 15:15 GMT+01:00
Updated: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
Thief caught on camera - police drop case
Happier times at Park Lane: Charles Simonyi and Lisa Persdotter celebrate thier wedding in 2008. Photo: Björn Larsson Rosvall/Scanpix

Thief caught on camera - police drop case

Damning video evidence and an apology from an alleged thief’s daughter were not enough to convince police that a well-known criminal had stolen hundreds of thousands of kronor worth of equipment from one of Gothenburg’s most popular night spots. READ  

Opinion
Sweden 'missed' global opportunities
Sweden's outgoing Foreign Minister Carl Bildt. Photo: TT

Sweden 'missed' global opportunities

As Stefan Löfven attempts to form a coalition government, Social Democrat MEP Jytte Guteland says her party needs to focus on Sweden's international image. READ  

National
Politics 'most shared' topic in Sweden
Photo: Shutterstock

Politics 'most shared' topic in Sweden

Swedes are more likely to share posts or articles on politics than on any other issues, according to a new report from Mid Sweden University. READ  

National
Fears schoolboy murdered in Sweden
Photo: TT

Fears schoolboy murdered in Sweden

Police in Halmstad say the results of forensic tests suggest a 16-year-old boy found dead in a creek was murdered. READ  

National
Elk hunters risk injury in Sweden’s woods
Hunter Ingela Olsson loads her rifle at sunrise in Norrbölla, northern Sweden. File photo: Gunnar Lundmark/SvD/Scanpix

Elk hunters risk injury in Sweden’s woods

Sweden’s vast annual elk hunt spells danger not just for the majestic animals but also for hunters, with crumbling towers and over-tiredness just two of the season’s perils. READ  

Malmö
Rat invasion closes Malmö preschool
Rats like this one have been found in a kindergarten. Photo: TT

Rat invasion closes Malmö preschool

Children in central Malmö are staying at home on Tuesday after a rat infestation was discovered at their kindergarten. READ  

National
Sweden's benefit agency site restored
Photo: TT

Sweden's benefit agency site restored

UPDATED: Sweden's Social Insurance Agency website is working again after being out of action since Monday. READ  

National
Swedish teenagers abused on Secret app
File photo: Fredrik Sandberg/Scanpix

Swedish teenagers abused on Secret app

Swedish police are struggling to know what to do with a new batch of criminal reports filed by teenagers upset about a controversial app that allows users to post comments and pictures anonymously. READ  

National
Swedish man beats bus in video challenge

Swedish man beats bus in video challenge

UPDATED: A Swedish runner who filmed himself beating his bus in Sundbyberg in north west Stockholm over the weekend is now planning to a similar challenge on the capital's Metro system. READ  

Regional
Rain causes power cuts across east Sweden
Strong winds are battering Stockholm and the east coast of Sweden. Photo: TT

Rain causes power cuts across east Sweden

Heavy rain and wind have left thousands without electricity in eastern Sweden, with ferries also disrupted by the storm. READ  

RECEIVE OUR NEWSLETTER AND ALERTS
Gallery
Property of the week - Torslanda
Finest
Gallery
People-watching: September 20th
The 'black gold' of Sweden's west coast.
National
West Sweden prepares for the 2014 lobster premiere
Society
What's on in Sweden
Politics
How Sweden Democrats went mainstream
Blog updates

22 September

Welcome National Geographic! (Stockholm in my American Heart) »

"What comes to mind when you think of the “The Arctic”? Crystal-encased cliffs jutting from the sea, baronial Polar bears scavenging over sheets of cracked ice or a lone explorer heading north into the night. The image my mind invokes is of three sparkling green lines splashed across the sky like graffiti— the Aurora Borealis— our..." READ »

 

19 September

Editor’s blog (The Local Sweden) »

"Happy Friday readers! It sure has been a exciting week in Sweden, where we’re set to get a new Prime Minister after Fredrik Reinfeldt stepped down following Sunday’s elections. The Local blogged live from the key political gatherings across Stockholm. Why not re-visit the action by taking a look at our photos, tweets, videos and analysis? Since the..." READ »

 
 
 
Politics
Scandinavia and Scotland: closer links?
Gallery
Property of the week - Eskilstuna
Sponsored Article
How to start a business in Stockholm
Society
How I became a surf blogger when I moved to Sweden
Gallery
People-watching: September 13th
Society
Why is Stockholm's Södermalm so cool?
Gallery
People-watching: September 11th
Gallery
People-watching: September 13th
Politics
Five possible election outcomes
Politics
Sweden elections: How do they work?
Politics
Sweden elections: Who's who?
Gallery
Property of the week - Hornstull, Stockholm
Analysis
Five differences between the UK and Sweden
Welshman Jonny Luck is now a chef in Sweden
Society
How I opened my own restaurant in Sweden's Malmö
Sponsored Article
Stockholm tech fest: relive the magic
Gallery
People-watching September 8th
Photo: TT
Politics
Feminists fight for first seats
Politics
Immigration cut push from Sweden Democrats
Sheryl Sandberg says women have "low expectations"
Tech
Facebook exec talks women's limits in Swedish business
Politics
Left Party calls for justice and equality
Sponsored Article
Introducing… Insurance in Stockholm
Sponsored Article
Graduates: Insure your income in Sweden with AEA
Latest news from The Local in Austria

More news from Austria at thelocal.at

Latest news from The Local in Switzerland

More news from Switzerland at thelocal.ch

Latest news from The Local in Germany

More news from Germany at thelocal.de

Latest news from The Local in Denmark

More news from Denmark at thelocal.dk

Latest news from The Local in Spain

More news from Spain at thelocal.es

Latest news from The Local in France

More news from France at thelocal.fr

Latest news from The Local in Italy

More news from Italy at thelocal.it

Latest news from The Local in Norway

More news from Norway at thelocal.no

841
jobs available
Swedish Down Town Consulting & Productions
Swedish Down Town Consulting & Productions is an innovative business company which provides valuable assistance with the Swedish Authorities, Swedish language practice and general communications. Call 073-100 47 81 or visit:
www.swedishdowntown.com
PSD Media
PSD Media is marketing company that offers innovative solutions for online retailers. We provide modern solutions that help increase traffic and raise conversion. Visit our site at:
http://psdmedia.se
If you want to drink, that’s your business.
If you want to stop, we can help.

Learn more about English-language Alcoholics Anonymous in Sweden. No dues. No fees. Confidentiality assured.
AA-EUROPE.ORG/SWEDEN