Due to a security breach we are resetting all passwords across Mumsnet

(730 Posts)

MNHQ have commented on this thread. Read here.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:32:34

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please contactus@mumsnet.com for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

WorraLiberty Sat 12-Apr-14 17:52:06

Done, thanks.

Val I assume half an hour from when you get the email.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:52:08

ThePearShapedToad

Seconded velma

Tell us something only MNHQ would know grin

bear

usualsuspectt Sat 12-Apr-14 17:52:35

If you don't do it within 30 minutes, you have to join Netmums.

MisForMumNotMaid Sat 12-Apr-14 17:53:12

Yeh, you still let me in!

mummylin Sat 12-Apr-14 17:53:21

Done

ChuckitintheBucket Sat 12-Apr-14 17:53:30

What Velma said. Bit reluctant to do this.

EatShitDerek Sat 12-Apr-14 17:53:31

What about those who joined millions of years ago and now have no means of finding that email address they signed up with?

ThePearShapedToad Sat 12-Apr-14 17:53:40

Pombear's enough evidence for me! grin

Doing it now

<salutes special secret hand gesture>

By changing all other passwords,do you mean everything, even if they're different to MN passwords ?

KateSMumsnet (MNHQ) Sat 12-Apr-14 17:54:02

ThePearShapedToad

Seconded velma

Tell us something only MNHQ would know grin

bear bear bear

Think that says it all wink

DoItTooJulia Sat 12-Apr-14 17:54:06

I was logged out earlier, even though I never log out.

I logged back in and was kicked out again. Is this part of the problem or totally unrelated? Either way I'm resetting my password now.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:54:12

WorraLiberty

I'm confused

What time are you removing the passwords from your system and shall I click the link in the OP now and change?

Passwords have now been removed - so you won't be able to get back in until you have reset. <hands out gin>

usualsuspectt Sat 12-Apr-14 17:55:27

<hides under table>

LackaDAISYcal Sat 12-Apr-14 17:55:50

I logged out and got the reset message when I tried to log back in with my existing password.

I think that this thread needs to be at the top of the stickies, and in Big Shouty Capitals rather than tucked away in lower case at the bottom of them Not everyone goes through active convos or even reads stickies, so are you emailing users to ensure everyone sees it?

Also, what other information has slipped out? Registration details? email addresses, dates of birth and real life names?

What good will changing passwords do if the info is already out there?

mummylin Sat 12-Apr-14 17:55:56

It is true or I wouldn't of been able to get back on here. ( crosses fingers)

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:56:53

VelmaD

Stupid question, but how do we know this is you? And not hackers again, after they posed as Justine? (completely aware I am completely over panicking)

We are us <confuses self>
Defo MNHQ staff, Justine is Skiiing and we've been on the phone to her. I am working from home in sunny Bath and Kate and Tech are in Laaandaan. Lots of folks around the country all working for MN and we booted all admin out and we've all logged back in again just before all of this.

Don't make me post a selfie wink

Chottie Sat 12-Apr-14 17:56:56

Thanks MN HQ for keeping us all safe. I've just done mine and it took one minute for the email to come through smile It was so simple just a couple of clicks smile

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:58:59

LackaDAISYcal

I logged out and got the reset message when I tried to log back in with my existing password.

I think that this thread needs to be at the top of the stickies, and in Big Shouty Capitals rather than tucked away in lower case at the bottom of them Not everyone goes through active convos or even reads stickies, so are you emailing users to ensure everyone sees it?

Also, what other information has slipped out? Registration details? email addresses, dates of birth and real life names?

What good will changing passwords do if the info is already out there?

We are working on the shouting and you will receive an email too.

IF they managed to copy passwords before we put the fix in place, then this will render the info they have obsolete for MN.

I will ask Tech re further info and see if he can pop over and post...

EdithWeston Sat 12-Apr-14 17:59:26

If info has already been taken, you can do nothing to get it back.

You may want to think carefully about what info you are giving and to whom for the future.

(I'm waiting until this thread has been up for at least 30 mins without going pfft from Wales before fiddling with password).

BoreOfWhabylon Sat 12-Apr-14 18:00:14

Right, have dunnit.

But what about all our other details?

<wibble>

VelmaD Sat 12-Apr-14 18:00:40

ok ok, no selfie, I beeeelive you!

Though yes, as above - what information exactly have they managed to get access to? Usernames and passwords or real life info?

is it worthwhile changing usernames too? (noooo, only had this one a few months after years and years of my old one!)

DoItTooJulia Sat 12-Apr-14 18:01:37

<paranoid> email has not come through (in fact, none will load at all).

It doesn't have to be the original email. It was sent to my new one, when I put that one in.

Does that mean it's still open to nefarious behaviour , or did it allow it because the new email address was on the system?

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 18:02:12

tbh, we hold very very little info on MNetters as a whole. I have asked Tech to pop over.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 18:04:26

BeerTricksPotter

It doesn't have to be the original email. It was sent to my new one, when I put that one in.

Does that mean it's still open to nefarious behaviour , or did it allow it because the new email address was on the system?

Mail in Beer, I'll take a look

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now