• Sweden's news in English
 
app_header_v3

Swedes uncover Disqus user security breach

David Landes · 12 Dec 2013, 15:15

Published: 12 Dec 2013 15:15 GMT+01:00

After outing several 'online haters' at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

Martin Fredriksson and his colleagues started collecting Disqus data back in February 2013 as part of a project to more closely analyze anonymous online comments. They hoped to understand more about who was behind hateful and racist comments on far-right websites in Sweden. They unearthed some 6,000 anonymous accounts in Sweden on commission from the tabloid Expressen, which published the data on Tuesday.

Fredriksson told The Local on Thursday that the unmasking of a few thousand users behind pseudonyms used on far-right sites in Sweden could just be the tip of the iceberg.

There were millions of Disqus users whose identity is at risk of exposure, said Fredriksson, responsible publisher (ansvarig utgivare) for the Research Group (Researchgruppen, who said his group's database contained a total of 29 million comments from Disqus users around the world.

"We used an open Disqus API protocol to obtain the data," he said, using a common acronym for "application protocol interface", which specifies how software components should interact with one another. In order to obtain the data more efficiently, Fredriksson wrote a programme that automated the data download requests sent to Disqus servers.

"You usually get around 100 comments with one request, but our system was able to send ten requests at once," he explained.

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news site such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

"It came as something as a shock," he said. "We got a lot of data we probably weren't supposed to get."

Fredriksson emphasized that the group didn't use any illicit methods in obtaining the data, but that the information was included in their trawl due to a security flaw at Disqus.

"When you leave a comment as a Disqus user, there is information about the date, username, and the comment itself which is open data," he said. "But (Disqus) also sent us data with coding that made it possible to identify people's email addresses."

After it emerged that Disqus users has been identified in the Expressen news stories, the company was quick to take action.

"Disqus has not been cracked. No emails were leaked by Disqus," vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include "MD5 hashes" of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

"This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals," said Roy, calling the actions a breach of Disqus privacy regulations. "As in all such cases, we are terminating the account."

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.

"We will evaluate any further changes that will need to be made based on these actions," he said. Inquiries from The Local for further comment were not immediately returned.

Story continues below…

Fredriksson took exception to the Research Group being painted as wrongdoers by Disqus, explaining that he and his time "didn't even use any account for this, and never had to agree on any terms of service"

"We are researchers and they cannot blame us for researching openly available data. I think the bad guys are those who handle our personal information so carelessly," he said.

Fredriksson went on to admit that he and his colleagues aren't sure what to do with the data now in their possession, but expressed fears about who else might have similar technology that could unmask Disqus users.

"You can imagine a lot of unseemly scenarios," he said.  "Perhaps the authorities in Iran, for example, have data like this from Israeli media sites and might use it to find out who is behind the comments."

Fredriksson said the incident is a wake-up call for news sites and online commenters everywhere to be more aware that their data may not be as safe as they had previously thought.

"People need to know more about the risks that arise when third-parties get access to their data," he told The Local. "It shows how much uncertainty there is in systems like this."

David Landes (david.landes@thelocal.se)

Your comments about this article

Today's headlines
Furious elk mum attacks Swede, breaks his arm
You talkin' to me? Photo: Mikael Fritzon/TT

It came back and attacked him not once, but twice.

Report: Stockholm is at risk of a housing bubble
Apartments in Stockholm. Photo: Tomas Oneborg/SvD/TT

Stockholmers are the third most likely to experience a housing bubble in their city, according to an international ranking.

The Local List
Reverse culture shock: the troubles of leaving Sweden
Does it get more Swedish than this? Photo: Emelie Asplund/imagebank.sweden.se

Why is that stranger talking to me in the elevator?!

Police close Facebook thread after call for help derails
A file photo of police cars on Gotland not related to the article. Photo: Henrik Montgomery/TT

The Gotland Police Facebook post asking the public for information about an unprovoked attack on two boys had to be closed because the comments section spiraled out of control.

US election
What Americans in Sweden think of Trump and Clinton
The Local spoke to Americans in Sweden after the first US presidential debate. Photo: David Goldman/AP/TT

The Local spoke to four US voters based in Sweden about who they are planning on voting for in the November election, and it looks like it's complicated.

Presented by Emirates Center for Strategic Studies
‘Extremism can't be defeated on the battlefield alone’
File photo: sanjitbakshi/Flickr

As Sweden prepares to take a seat on UN Security Council next year, Abu Dhabi-based scholar and author Dr. Jamal Sanad al-Suwaidi argues for a greater UN role to fight extremist ideologies like those that fuel Isis and other terror groups.

Video
Why Swedes want Nasa to send a condom into space
Should a condom be sent into space? It's the burning question some Swedes have posed. Photo: Fredrik Sandberg/TT & Craig Rubadoux/AP

'We can't be sure what alien sex organs look like.'

Mum gives birth on toilet after being told to take paracetamol
File photo of a baby not related to the story. Photo: Christine Olsson/TT

A woman has described how she was told to take a painkiller when she phoned a hospital in Ystad, southern Sweden, in pain. Just moments later she gave birth to a baby in the toilet.

Indians in Sweden told to be wary of travel document scam
File photo of a man using a phone not related to the story. Photo: Fredrik Sandberg/TT

The Embassy of India in Stockholm has urged Indian citizens in Sweden to be wary of scammers who ask for money to fix fabricated errors in travel documents.

Swedes shell out for season's first lobster
Meet Pontus Johansson and his lobster. Photo: Thomas Johansson/TT

Best not to look at the price tag.

Sponsored Article
Expat finances in Sweden: the Common Reporting Standard
Analysis & Opinion
'If Sweden really wants startups, drop the red tape on migration'
Sponsored Article
Let's Talk: a personal Swedish language tutor in your pocket
Gallery
Property of the week: Gotland
National
Trump an 'embarrassment' Springsteen tells Sweden
Blog updates

27 September

Cutting your nose …. (The Diplomatic Dispatch) »

"Last week, Jeremy Browne, the Special Representative for the City of London, visited Sweden. Jeremy was…" READ »

 

7 September

Svensk or svenska? (The Swedish Teacher) »

"Hejsan! My inbox is full of questions :-). Here’s one about when to use “svensk” and…" READ »

 
 
 
Sponsored Article
‘I view the world in a different way now’
Gallery
People-watching: September 23rd-25th
Sponsored Article
'Creating a sense of home': Collective living in Stockholm
Politics
Russian Sweden Democrat aide resigns over suspect deal
National
Muslim teacher leaves job after not shaking male colleague's hand
Travel
Why we adore autumn in Sweden
Sponsored Article
Life in Jordan: 'Undiscovered treasure'
Gallery
People-watching: September 21st
Sponsored Article
Gran Canaria: 'So much more than beaches'
National
Stockholmers hunt killer badger after attack on neighbourhood hipster cat
The Local Voices
Why this Russian developer is committed to helping refugees - with tech
Sponsored Article
Why Jordan is the ‘Different’ East
National
Six key points in Sweden's budget plan
Sponsored Article
How to vote absentee from abroad in the US elections
The Local Voices
How a Swedish name finally made recruiters notice this Iranian's CV
Gallery
Property of the week: Luleå
Sponsored Article
Why Jordan is the ‘Different’ East
Gallery
People-watching: September 16th-18th
Sponsored Article
Retiring abroad: ensuring your health is covered
Culture
Why Swedish TV has given these kids' trucks a sex swap
Sponsored Article
'There was no future for me in Turkey'
National
TIMELINE: Everything you need to know about the Julian Assange case
Sponsored Article
7 reasons you should join Sweden’s ’a-kassa’
Gallery
People-watching: September 14th
Sponsored Article
‘Extremism can't be defeated on the battlefield alone’
Politics
Why Sweden is putting troops on holiday dream island Gotland
The Local Voices
'What I mean when I say: I came here to blow myself up'
Society
VIDEO: Are Swedes that unfriendly?
Features
INTERVIEW: How Arthur the jungle dog opened hearts and minds
Gallery
Property of the week: Smögen, Västra Götaland
Society
Sweden's ancient forest tongue Elfdalian fights for survival
National
Where Sweden's foreigners are from
Gallery
People-watching: September 9th-11th
The Local Voices
'Whenever I apply for jobs I’m treated like an unwanted stranger'
The Local Voices
Is Swedish bosses' ignorance keeping refugees out of jobs?
2,961
jobs available