STOCKHOLM, 2nd April 2014, (SPNW) - The San Francisco-based blog comment hosting service Disqus has suspended an account used to obtain and decipher the e-mail addresses of a group of users. The information was used by the Bonnier-owned tabloid Expressen in Sweden to match anonymous political commentary to real individuals who were later confronted by the tabloid's reporters. Disqus has reported the matter to law enforcement locally and in Sweden.
Disqus insists that the popular platform with over half a billion users hasn't been "cracked". However, an official statement posted online by the company on 10th December 2013 admits that its application program interface, or API (a tool that allows developers special access to a web service to develop new programs for using it), had been exploited by a group of activists working together with Expressen.
In a statement today, Steve Roy, vice president of marketing and communications at Disqus, told SPNW that Disqus has already taken measures to close the susceptible link between Disqus and Gravatar, which was only weakly protected by MD5 hashes of user e-mail addresses. He added: "At Disqus, we take the safety and privacy of users seriously as it is extremely important to our company".
According to Roy, Disqus has contacted law enforcement in Sweden and the United States regarding the incident.
Users of the service who were affected by the exploit were located and confronted by reporters from Expressen regarding their political views and supposedly anonymous comments. Some users were approached and filmed by the tabloid's reporters right outside their homes, after information obtained through the data security breach was handed over to and used by Expressen.
The affected users started a crowdfunding campaign in December 2013 in order to file a defamation lawsuit against Thomas Mattsson, who is editor-in-chief of the Swedish tabloid.
The defamation lawsuit fund drive exceeded its goal of 57,000 euros yesterday.
Sources | SPNW