Your passwords are vulnerable. Change them.

(47 Posts)
Edw4rdSnowden Sat 12-Apr-14 14:53:14

Dear Mumsnet

Your 'tech support' (ha) have taken you for a ride. This site's security response to the Heartbleed exposure ( heartbleed.com/ ) has been woeful and anyone with slightest know-how of OpenSSL has been able to grab the logging-in details of Mumsnet users (including administrators). I could post screencaps of the board where this geezer has been posting up how funny he is messing around with mumsnet but that's by the by.

This is especially dire news if you've been daft enough to use the same password for mumsnet as you had for your email addresses and amazon accounts etc.

Change all your passwords immediately, ESPECIALLY if your mumsnet password is one you foolishly use for other services.

Finally I urge you to reconsider whether this website and its administrators take your security seriously.

yourlittlesecret Sat 12-Apr-14 16:14:01

Postman Ahh now you tell us after I spent ages thinking up an inspired new PW. So do I change it back now?

I started a thread on geeky earlier about password managers. This made me think perhaps I don't take enough precautions.

cozietoesie Sat 12-Apr-14 16:14:51

Change it in a week or two as well.

ballsballsballs Sat 12-Apr-14 16:16:07

Fuxache.

firstchoice Sat 12-Apr-14 16:16:17

should we change passwords for paypal etc?
(mine are not the same as for MN but, even so?)

are online banking / paypal ones okay, does any one know???

ItsAllGoingToBeFine Sat 12-Apr-14 16:18:29

Some of you may or may not find this site reassuring:
https://www.pwnedlist.com/

It'll monitor lists of hacked accounts and see if your email address appears.

EatShitDerek Sat 12-Apr-14 16:19:21

Fuck changing passwords. Only emails I get is from Christian Singles wanting to Mingle.

So what of someone hacks my MN account. Not much you can do but abuse random strangers. Its happened without hacking.

yourlittlesecret Sat 12-Apr-14 16:20:19

Not sure I want to put my email into a website about hacking.
<wobble>

cozietoesie Sat 12-Apr-14 16:22:46

They say they're fine, firstchoice.

That's a fair point Derek. We should be reserving worry for sites where problems can seriously impact lives and not necessarily MN. (I'm sure that if you're found to have been hacked and someone starts to 'abuse random strangers' under your MN guise, MNHQ will treat it sympathetically. wink)

EatShitDerek Sat 12-Apr-14 16:25:53

I can give it a go and find out, like an experiment grin

Someone has pretended to be me without hacking.

Plus they are shit as there is so much more you could have done when hacking Justines account. I know what I would have done grin

RandallFloyd Sat 12-Apr-14 16:28:02

Oh I'm not particularly bothered about my MN being hacked.
All that would do is make me a bit more interesting for a while!

It was more for other things. I don't think I use the same email/password combo for anything else except ApprovedFood and MyFitnessPal so they're welcome to go nuts there too but I've changed it anyway. Mainly because Rebecca told me to!

yourlittlesecret no just change it to another new one when the bug is fixed. And don't change passwords for other sites to the same one!

Any site running the relevant version of OpenSSL is vulnerable so your data could be retrieved from various places. It's even more of a problem if you use the same password for more than one site as your password could be retrieved from one site then used in other ones to get into your accounts.

EatShitDerek Sat 12-Apr-14 16:29:56

Guess my pinterest is in danger then grin They could take over the world if they hacked that

RandallFloyd Sat 12-Apr-14 16:30:18

If I'd hacked Justine's account I would be bitch plopping all over the shop grin

cozietoesie Sat 12-Apr-14 16:31:05

Out of interest, has one single instance of the vulnerability being used by bad guys been identified? (Just because someone has found out that it can be done doesn't mean that it actually has been done.)

EatShitDerek Sat 12-Apr-14 16:31:24

Randall I would be banning all the nobbers and then give myself HQ powers.

sillymillyb Sat 12-Apr-14 16:32:15

Someone posted a website with a list of mumsnet usernames and passwords on the other thread. It's been taken down now but there was clearly identifiable posters on there.

RandallFloyd Sat 12-Apr-14 16:32:22

Pinterest! I hadn't thought of that. Imagine what they could do with my vast collection of recipes I'll never make, sarcastic e cards, and texts from the dog shock

cozietoesie Sat 12-Apr-14 16:33:36

Sorry - that would be a 'reliable instance'. I'm sure there are people plopping data from various sources all over the web. Just for badness.

RandallFloyd Sat 12-Apr-14 16:33:54

<dreams of having HQ powers>

MrsWembley Sun 13-Apr-14 22:14:47

<snores>

<mumble mumble splutter cough cough>

Wha??? I was away? Wha's happ'ning? Who did wha'?

<mutters something along the lines of 'that'll teach me for camping somewhere without wi-fi'>

<coughs, splutters, goes back to sleep>

<wakes up long enough to change password, goes back to sleep again>

AmyMumsnet (MNHQ) Mon 14-Apr-14 10:48:48

Hi everyone,

We've responded to what's going on over here.

Apologies for all the inconvenience caused by changing passwords, but it's hopefully less inconvenient than someone using all of your hilar Pinterest memes for evil <--hopes no one asks for examples of how-->.

AmyMumsnet (MNHQ) Mon 14-Apr-14 10:49:20

Oh God, I can't even use strikethrough effectively. HQ powers are clearly squandered on me.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now