Mumsnet data breach - please read

868 replies

JustineMumsnet · 07/02/2019 12:40

As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts.

What happened?
There was a problem affecting Mumsnet user logins between 2pm on Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in could have had their account info switched.

Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.

How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.

What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.

Thanks to all who brought this to our attention.

Justine

EspressoButler · 07/02/2019 12:43

This reply has been deleted

Message withdrawn at poster's request.

Bombardier25966 · 07/02/2019 12:44

Thank you for being so open and transparent.

These things happen, no harm done.

JustineMumsnet · 07/02/2019 12:46

@EspressoButler

I haven’t had an email from you.

And I reported a post made several hours ago, in my name, that wasn’t posted by me.


Sorry Espresso - you're right - it's not quite gone to you yet but it's on its way.
halfwitpicker · 07/02/2019 12:49

So that's why we had to log back in this morning?

halfwitpicker · 07/02/2019 12:49

Thanks for the info, BTW

TanteRose · 07/02/2019 12:50

Thanks for the explanation, Justine

However I can't agree with Bombadeer, unfortunately

These things happen, no harm done

They really don't, and yes, I think harm was done...Confused

MonicaBellucci · 07/02/2019 12:53

These things happen, no harm done

Hmm

I think you'll find some people have legitimate cause to query your opinion.

Thank you for the informative post MN.

WhenLifeGivesYouLemonsx · 07/02/2019 12:53

Great...

hobnobsaremyfavourite · 07/02/2019 12:55

Blimey not sure posters like Bombardier are safe to be allowed unsupervised access to the internet

Bowlofbabelfish · 07/02/2019 12:56

MNHQ: Just to make you aware, there have been threats to ‘dox all of mumsnet’ by a TRA called Emily Gorcenski.

mermaidbutmytailfelloff · 07/02/2019 12:57

As a user whose password was breached in the last debacle, I have to agree with tanterose...these things so DON’T just happen. I expected that mumsnet would have suitable testing and systems in place to protect users' data, particularly after being found wanting so badly before.

Not good enough. You are a commercial organisation and need to act like one in terms of the service you provide.

bellinisurge · 07/02/2019 12:57

Cock ups like this seem to be happening rather a lot. Considering walking away if you can't reassure us.

MrsArthurShappey · 07/02/2019 12:59

Thanks Justine. Is there anything we can do to check if we were affected?

MotorcycleMayhem · 07/02/2019 13:01

To be honest, I have my concerns given that when I logged back in just now I was offered the option to log in via Facebook, Google or my MN login.

I only ever use individual logins for all sites and don't link any via other sources such as Fb or Google accounts, because of the linked risk of other accounts being attacked through this method.

Can MN advise whether the accounts that have been taken over were ones that were linked to Fb or Google or if they were standalone password accounts?

I appreciate that those who have already identified themselves may be uncomfortable with this, but it may be important for others to understand if there is an additional risk in linking Fb profiles to outside websites in future.

LikeACowsOpinion · 07/02/2019 13:02

So is my information safe or not?

ChubsyMcChubFace · 07/02/2019 13:03

I'd also like to check if I have been affected (before I most likely delete my account). Could you post on this thread telling those of us who would like to check this how we can do so please?

This is really poor MN. Sorry!

Horsewithnoma · 07/02/2019 13:03

I have not been asked to log in.

AornisHades · 07/02/2019 13:04

Is it fair to say that if you were logged in before Tuesday and remained logged in until the forced logout this morning, you should have been safe from anyone accessing your account?

EwItsAHooman · 07/02/2019 13:04

So is my information safe or not?

I would also like to know this.

Will everyone affected be contacted by MNHQ?

MonicaBellucci · 07/02/2019 13:06

Doxxing threats should be taken very seriously. Disposable email and fake name all the way...(sorry MN)

mermaidbutmytailfelloff · 07/02/2019 13:06

Likeacow I think no, your information cannot be said to be safe. Mumsnet's track record is poor, and they have demonstrated they haven’t learned from the mistakes.

I am angry about this issue, so many use this site for real support, and data breaches could be catastrophic for them.

JigglyPuff19 · 07/02/2019 13:06

I haven't been asked to log back in, I'm on mobile app.

ILoveMaxiBondi · 07/02/2019 13:06

Happening far too often HQ. I think it’s time you had a serious look into security and what you need to do to prevent things like this. Honestly, it’s just too often to be “one of those things”. There’s a real problem with security here at MN.

ChubsyMcChubFace · 07/02/2019 13:07

And MNHQ go silent. Brilliant 🙄.

EwItsAHooman · 07/02/2019 13:07

Can I also ask why this thread isn't pinned to the top of ALL the boards? It's pinned here in AIBU but over on _Chat? Nothing.
