Swedes uncover Disqus user security breach

David Landes reports:

A group of Swedish journalists are sitting on a goldmine of 29 million online comments, with information about users’ identities, from news sites around the world thanks to a security flaw in debate moderation service Disqus.

After outing several ‘online haters’ at home, which caused several resignations from the populist, far-right Sweden Democrat party, the Swedish investigative journalists behind the revelations said they had accessed the identities of several million commenters using the popular Disqus system.

[…]

While the thrust of the research focused on far-right sites in Sweden, data was also collected from news sites elsewhere in the world, including CNN, The Telegraph, ABC News, and The Jerusalem Post, as well as from mainstream Swedish news sites such as Svenska Dagbladet, SVT Debatt as well as The Local.

Members of the Research Group quickly realized, however, that the data they received also came with metadata that included the email addresses tied to anonymous Disqus accounts.

Read more on The Local (SE). The reporter includes a response from Disqus which states, in part:

“Disqus has not been cracked. No emails were leaked by Disqus,” vice president for marketing Stephen Roy said in a statement released on Tuesday.

He explained that Disqus offers API services that include “MD5 hashes” of email addresses that allow users to access third-party services such as Gravatar, which in turn permits users to display a consistent avatar across platforms.

“This appears to be a targeted attack on a group of individuals using pattern matching of their activity across the web, associated with email addresses used by those individuals,” said Roy, calling the actions a breach of Disqus privacy regulations. “As in all such cases, we are terminating the account.”

Roy added that Disqus was disabling use of the Gravatar service and removing the MD5 hash email from its API.


About the author: Dissent
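The statement quoted above says the API exposed MD5 hashes of email addresses for Gravatar. An unkeyed digest of an email is a stable identifier that anyone holding the address can recompute, so an API owner can audit public payloads for it. The following is an added example, not code from the article or from Disqus; the payload field names, the sample address and the HMAC-based `avatar_token` replacement are assumptions made for illustration.

```python
import hashlib
import hmac

def _norm(email: str) -> bytes:
    # Gravatar normalisation: trim whitespace, lower-case, then hash.
    return email.strip().lower().encode("utf-8")

def gravatar_md5(email: str) -> str:
    """Unkeyed identifier: the same value on every site that uses this email."""
    return hashlib.md5(_norm(email)).hexdigest()

def avatar_token(email: str, site_key: bytes) -> str:
    """Keyed replacement (hypothetical): HMAC-SHA256 under a server-side secret."""
    return hmac.new(site_key, _norm(email), hashlib.sha256).hexdigest()

def walk(node, path=""):
    """Yield (json_path, value) for every string leaf of a decoded JSON payload."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def audit_payload(payload, account_emails):
    """Return (json_path, email) for each field carrying an unkeyed digest of an
    account email, either bare or embedded in a longer string such as a URL."""
    digests = {hashlib.new(algo, _norm(e)).hexdigest(): e
               for e in account_emails for algo in ("md5", "sha1", "sha256")}
    return [(path, email) for path, value in walk(payload)
            for digest, email in digests.items() if digest in value.lower()]

# Constructed sample data; field names are hypothetical, not Disqus's schema.
EMAIL = "Alice@Example.org"
SITE_KEY = b"constructed-demo-key"  # in practice: random and never published
H = gravatar_md5(EMAIL)
BEFORE = {"response": [{"author": {"name": "anon42", "emailHash": H,
          "avatar": "https://www.gravatar.com/avatar/" + H}, "message": "hi"}]}
AFTER = {"response": [{"author": {"name": "anon42",
         "avatarToken": avatar_token(EMAIL, SITE_KEY)}, "message": "hi"}]}

if __name__ == "__main__":
    for path, email in audit_payload(BEFORE, [EMAIL]):
        print(f"LEAK {path}: unkeyed digest of {email}")
    print("after fix:", audit_payload(AFTER, [EMAIL]) or "clean")
```

Run against real API responses in a release test, with the account emails drawn from the service's own user table, so a digest field cannot be reintroduced unnoticed.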

Has one comment to “Swedes uncover Disqus user security breach”

  1. Anonymous - December 13, 2013

    Researchgruppen was until a few years ago called AFA Dokumentation (Anti-Fa Documentation). It was the extreme left intelligence ‘police’, with their registers and death lists.

    It's led by a ‘former’ AFA-leader Fredriksson who is sentenced to several political and violent crimes. And is owned by the grandson of Olof Aschberg, the banker who helped finance Lenin, Trotskij, the October revolution and the mass killings of Orthodox Christians in Russia, and the theft of their churches' cultural treasures, gold and icons.

    Which Olof Aschberg melted down and sold on the black market.

    The grandson of Olof Aschberg (and owner of Researchgruppen) is called Robert Aschberg, and was a leading Maoist in Sweden, until the eighties. He now is a prized journalist and TV-producer.
