Due to a security breach we are resetting all passwords across Mumsnet

(730 Posts)

MNHQ have commented on this thread.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:32:34

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please contactus@mumsnet.com for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

RhondaJean Sat 12-Apr-14 17:33:37

Oh bollocks.

FluffyDucky Sat 12-Apr-14 17:33:59

Dammit, I JUST changed mine! Typical

Coconutty Sat 12-Apr-14 17:36:01

Oh, okay then. Can't remember what my password here is though.

EatShitDerek Sat 12-Apr-14 17:37:17

Can I type in the password I already have? I wont remember it if change it

Waah! I've changed my password twice in two days to be on the safe side.

RandallFloyd Sat 12-Apr-14 17:38:29

<hands around gin>

So do we change now, or will you do it later confused
Sorry to be a thicko.

DrankSangriaInThePark Sat 12-Apr-14 17:39:12

<panics at being logged out for potentially 30 minutes>

Sparklingbrook Sat 12-Apr-14 17:40:41

I have just done it. Is that ok?

RandallFloyd Sat 12-Apr-14 17:41:16

Well that was easy. Took approximately 30 seconds.
Well done Tech et al.

I've done mine too. I'm never logging out again.

WorraLiberty Sat 12-Apr-14 17:46:14

I'm confused

What time are you removing the passwords from your system and shall I click the link in the OP now and change?

sillymillyb Sat 12-Apr-14 17:47:04

I don't have an email yet - nothing in junk either. I seem to remember this happening once before, I don't think I blocked mn in my emails though. I'm confused!

KateSMumsnet (MNHQ) Sat 12-Apr-14 17:47:12

AryaOfHouseSnark

So do we change now, or will you do it later confused
Sorry to be a thicko.

Not thick at all Arya - you need to do it now via this link

Thank you Kate, have done it now. wine

usualsuspectt Sat 12-Apr-14 17:48:20

I've changed mine, isn't it a bit 'Horse has already bolted though' ?

VelmaD Sat 12-Apr-14 17:48:25

Stupid question, but how do we know this is you? And not hackers again, after they posed as Justine? (completely aware I am completely over panicking)

ThePearShapedToad Sat 12-Apr-14 17:49:12

Seconded velma

Tell us something only MNHQ would know grin

topknob Sat 12-Apr-14 17:49:19

All done smile

MariaJenny Sat 12-Apr-14 17:50:02

All worked. Many thanks.

RandallFloyd Sat 12-Apr-14 17:50:07

<offers Velma paper bag to breathe into>

Valpollicella Sat 12-Apr-14 17:51:08

If its not done within half an hour (from when? confused...sorry just had afternoon nap) what happens?

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:51:45

EatShitDerek

Can I type in the password I already have? I wont remember it if change it

Nope, please think of something new.
We also strongly recommend you change it for other sites too.

shock Velma. <hides in corner rocking>

WorraLiberty Sat 12-Apr-14 17:52:06

Done, thanks.

Val I assume half an hour from when you get the email.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:52:08

ThePearShapedToad

Seconded velma

Tell us something only MNHQ would know grin

bear

usualsuspectt Sat 12-Apr-14 17:52:35

If you don't do it within 30 minutes, you have to join Netmums.

MisForMumNotMaid Sat 12-Apr-14 17:53:12

Yeh, you still let me in!

mummylin Sat 12-Apr-14 17:53:21

Done

ChuckitintheBucket Sat 12-Apr-14 17:53:30

What Velma said. Bit reluctant to do this.

EatShitDerek Sat 12-Apr-14 17:53:31

What about those who joined millions of years ago and now have no means of finding that email address they signed up with?

ThePearShapedToad Sat 12-Apr-14 17:53:40

Pombear's enough evidence for me! grin

Doing it now

<salutes special secret hand gesture>

By changing all other passwords,do you mean everything, even if they're different to MN passwords ?

KateSMumsnet (MNHQ) Sat 12-Apr-14 17:54:02

ThePearShapedToad

Seconded velma

Tell us something only MNHQ would know grin

bear bear bear

Think that says it all wink

DoItTooJulia Sat 12-Apr-14 17:54:06

I was logged out earlier, even though I never log out.

I logged back in and was kicked out again. Is this part of the problem or totally unrelated? Either way I'm resetting my password now.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:54:12

WorraLiberty

I'm confused

What time are you removing the passwords from your system and shall I click the link in the OP now and change?

Passwords have now been removed - so you won't be able to get back in until you have reset. <hands out gin>

usualsuspectt Sat 12-Apr-14 17:55:27

<hides under table>

LackaDAISYcal Sat 12-Apr-14 17:55:50

I logged out and got the reset message when I tried to log back in with my existing password.

I think that this thread needs to be at the top of the stickies, and in Big Shouty Capitals rather than tucked away in lower case at the bottom of them Not everyone goes through active convos or even reads stickies, so are you emailing users to ensure everyone sees it?

Also, what other information has slipped out? Registration details? email addresses, dates of birth and real life names?

What good will changing passwords do if the info is already out there?

mummylin Sat 12-Apr-14 17:55:56

It is true or I wouldn't of been able to get back on here. ( crosses fingers)

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:56:53

VelmaD

Stupid question, but how do we know this is you? And not hackers again, after they posed as Justine? (completely aware I am completely over panicking)

We are us <confuses self>
Defo MNHQ staff, Justine is Skiiing and we've been on the phone to her. I am working from home in sunny Bath and Kate and Tech are in Laaandaan. Lots of folks around the country all working for MN and we booted all admin out and we've all logged back in again just before all of this.

Don't make me post a selfie wink

Chottie Sat 12-Apr-14 17:56:56

Thanks MN HQ for keeping us all safe. I've just done mine and it took one minute for the email to come through smile It was so simple just a couple of clicks smile

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 17:58:59

LackaDAISYcal

I logged out and got the reset message when I tried to log back in with my existing password.

I think that this thread needs to be at the top of the stickies, and in Big Shouty Capitals rather than tucked away in lower case at the bottom of them Not everyone goes through active convos or even reads stickies, so are you emailing users to ensure everyone sees it?

Also, what other information has slipped out? Registration details? email addresses, dates of birth and real life names?

What good will changing passwords do if the info is already out there?

We are working on the shouting and you will receive an email too.

IF they managed to copy passwords before we put the fix in place, then this will render the info they have obsolete for MN.

I will ask Tech re further info and see if he can pop over and post...

EdithWeston Sat 12-Apr-14 17:59:26

If info has already been taken, you can do nothing to get it back.

You may want to think carefully about what info you are giving and to whom for the future.

(I'm waiting until this thread has been up for at least 30 mins without going pfft from Wales before fiddling with password).

BoreOfWhabylon Sat 12-Apr-14 18:00:14

Right, have dunnit.

But what about all our other details?

<wibble>

VelmaD Sat 12-Apr-14 18:00:40

ok ok, no selfie, I beeeelive you!

Though yes, as above - what information exactly have they managed to get access to? Usernames and passwords or real life info?

is it worthwhile changing usernames too? (noooo, only had this one a few months after years and years of my old one!)

DoItTooJulia Sat 12-Apr-14 18:01:37

<paranoid> email has not come through (in fact, none will load at all).

Message withdrawn at poster's request.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 18:02:12

tbh, we hold very very little info on MNetters as a whole. I have asked Tech to pop over.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 18:04:26

BeerTricksPotter

It doesn't have to be the original email. It was sent to my new one, when I put that one in.

Does that mean it's still open to nefarious behaviour , or did it allow it because the new email address was on the system?

Mail in Beer, I'll take a look

sallysparrow157 Sat 12-Apr-14 18:04:37

I've tried twice, I'm getting the email, clicking on the link and just getting 'expired link'.

LEMmingaround Sat 12-Apr-14 18:05:36

When you say strongly recommend for other sites, do you mean strongly recommend or to be on the safeside recommend, i have lots of sites to change!! sad

Stressed nown - what sort of threat are we talking about here?

MinimMum Sat 12-Apr-14 18:05:47

Yes, it worked for me. new password and I thought I'd have a name change too.
Bet you can't guess who I was. grin

LEMmingaround Sat 12-Apr-14 18:05:51

now not nown

LackaDAISYcal Sat 12-Apr-14 18:06:39

thanks Rebecca...have some wine and cake and [gin]

EdithWeston Sat 12-Apr-14 18:07:22

This thread didn't go pfft, so I've just done it, and it worked fine for me.

RustyBear Sat 12-Apr-14 18:08:20

The thing about changing other passwords, even if they're not the same as your Mumsnet one, is that Heartbleed has potentially affected a hell of a lot of sites - it looks like someone just decided to have fun with the info they got from Mumsnet, which is actually lucky, because it means that MNHQ found out that their info has actually been compromised and they can do something about it. If someone has got info from another site you use, they may not be broadcasting the fact, they may just use it for something nasty.

RebeccaMumsnet (MNHQ) Sat 12-Apr-14 18:08:32

LEMmingaround

When you say strongly recommend for other sites, do you mean strongly recommend or to be on the safeside recommend, i have lots of sites to change!! sad

Stressed nown - what sort of threat are we talking about here?

Strongly recommend especially if you use the same password across lots of sites.

It is not just MN that has been 'exposed'. The advice from the media as a whole is to be extra vigilant and reset your passwords.

ShamTech (MNHQ) Sat 12-Apr-14 18:09:05

The info that was gathered was the info that is submitted via the login form which is the username, password and whether or not you ticked the 'keep me logged in' checkbox. They would only gain access to your other information if they subsequently logged in as you. If you reset your password to the same password as before your information won't be secure, so please make sure to use a new password.

Terrortree Sat 12-Apr-14 18:09:41

I am confused. I tried to re-set, got the email and everything, changed it but then it wouldn't let me in saying password incorrect.

But I am in. I've tried shutting down MN but I can still post.

AlpacaYourThings Sat 12-Apr-14 18:09:49

The email was signed off "the mumsnet team" rather than MNHQ... [suspicious]

difficultpickle Sat 12-Apr-14 18:10:06

I changed my password this afternoon. I've just used the reset link and entered that password and it worked confused

LEMmingaround Sat 12-Apr-14 18:10:37

oh, fuck! i read the link - i dont have any banking online but dp does, so he should definately change passwords then because it said on the BBC link that there was some confusion about whether or not changing password would actually make things worse - can you comment on this?

LackaDAISYcal Sat 12-Apr-14 18:11:19

LEM, I think the threat is worst where you have financial details stored. Most of the big sites like Amazon, and the banks have sorted any vulnerability and should be safe now. There lotys of stuff on heartbleed out there.

My issue is that I use a certain password for lots of non security conscious sites, but can't remember which sites. My big financial ones have discrete passwords though so I should be relatively safe.

Though if someone has my email address and date of birth and can hack things; is it possible that they can get password resets sent to a hacked version of my email address? God, this makes you think doesn't it?

RafaIsTheKingOfClay Sat 12-Apr-14 18:12:37

LEM you definitely need change anything that might have had the same password as your MN account.

You also should change passwords for any sites that were vulnerable to the Heartbleed breach. But make sure they have made the necessary changes first.

I would prioritise any login that you definitely wouldn't want other people to have access to i.e. any site where if someone logged into your account they would have access to your bank/card details.

I've not been logged out on the iPad app.

Ineedmystrengthback Sat 12-Apr-14 18:16:05

sad I can't change my password, it tells me that my current one is incorrect

cozietoesie Sat 12-Apr-14 18:16:38

LEM

I'd concentrate on the sites where you're seriously exposed (eg money sites.) As I understand it, if the site is fixed, you can change your password. If it's not yet fixed, you run the risk of relaxing in a heap but having your new password known because the bad guys can still get into the system. That's the 'making things worse' as far as I know. (Athough if they've been at it (and that's a big 'if') for two years and are now going for a last ditch collect, they must be fair drowning in data which they won't find too easy to sort.

LEMmingaround Sat 12-Apr-14 18:18:01

Thanks - will change my passwords, have told DP to change his banking passwords although he seems to think NATWEST is pretty safe, it can't hurt to be vigilant can it - trouble is, im so shite at remembering them.

Thanks for looking out for us MNHQ <feels looked after>

GiddyUpCowboy Sat 12-Apr-14 18:21:47

How do you change your Outlook password?

Would they need your email address to hack you on FB? I use different email address's for various sites.

Scout19075 Sat 12-Apr-14 18:26:15

I changed this password around 8-10 p.m. last night -- should I change again?

frasersmummy Sat 12-Apr-14 18:26:34

My understanding is that if a site is attacked by heartbleed which mn was then the hacker could potentially log in as you on this site, get whatever details are on your profile and post as you .. like they did with Justtine.
The other problem is that once the hacker has your user name and password from here they could try the same user name and password on other sites and potentially log in as you on those sites too.. but if you log in with a completley different user name and password on other sites then its not an issue

Of course mn is not the only site attacked so each one that is attacked gives the hacker another user name and password you use that they can try on other sites..

so the only way to make sure no-one can login as you anywhere si to change all passwords

that said the threat has been out there for months and there hasnt been world wide hacking of everyones accts.. so ..

but well done mn for making sure our user name and pw cant be stolen from here

Oody Sat 12-Apr-14 18:26:55

Someone on the other thread said banks are safer because they don't use the current OS without massively testing the security where others just update.
Anyone confirm that?

MisForMumNotMaid Sat 12-Apr-14 18:27:20

You can find out your registered email by

go to 'mymumsnet' top right next to the envelope for your inbox

Select 'my account'

Your email can then be seen and/ or edited and you enter your password if you've made a change.

You can usually change your password in this area too.

Ineedmystrengthback Sat 12-Apr-14 18:28:08

Is anyone else unable to reset their password?
sad

RafaIsTheKingOfClay Sat 12-Apr-14 18:29:59

I don't think you have any choice, Scout. I think they have removed all passwords that were current this afternoon, so you will need a new one to log in.

LackaDAISYcal Sat 12-Apr-14 18:30:47

You can check the vulnerability of sites HERE

SureFootedWhispher Sat 12-Apr-14 18:31:25

Why didn't they send an email to Users? Some people might not see this. Or force a password change? or is this what they are doing and if so when does it come into affect?

RustyBear Sat 12-Apr-14 18:32:49

I changed all my passwords yesterday, it took most of the day! I used a site that was recommended by GitHub to check whether websites had been fixed, though it doesn't always give a definitive result. I will be keeping a close eye on my more sensitive sites, and those that didn't return a result and will change again after a while, or if any of the sites contact me to say they are now safe (a couple have done already)

cozietoesie Sat 12-Apr-14 18:34:52

Keeping a close eye on more sensitive sites is always a good idea - particularly so in the current climate.

RafaIsTheKingOfClay Sat 12-Apr-14 18:37:33

It's probably a good idea to change those more sensitive ones regularly anyway.

OMGtwins Sat 12-Apr-14 18:37:33

In case it helps anyone see here for an explanation of the bug: http://xkcd.com/1354/

Basically it means for a type of login secured by a protocol called SSL (using a particular program for implementing it called OpenSSL) is vulnerable to someone asking the server to send back more data from the working server memory than is supplied when they log in. So if I were a hacker I could log in and use the vulnerability to ask the server to send back a bunch of extra info which might contain details of other people's recent log ins held in the server memory (including encryption keys sometimes).

SSL (or TLS) is the way all secure websites let you log in, hence the widespread worry. And yes the bug has been around for 2 years but hassmile only just been made public (this is quite common in computer security, sadly).

Have a Google for if the website you use is vulnerable, most companies will make a big deal out if fixing it because of everything on the press. Some common ones are here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

Don't change you password until the website you have been using is fixed.

OMGtwins Sat 12-Apr-14 18:39:16

Can someone make those links work please wink Computer security I can do, Mumsnet links I have no idea because I usually lurk...

RafaIsTheKingOfClay Sat 12-Apr-14 18:41:00
LackaDAISYcal Sat 12-Apr-14 18:41:22

surefooted, this is forcing a password reset. afaiu everyone has been booted out and will need to reset their password before loggin in again.

So, if your knocking off everyones password today and if they haven`t seen this thread what will happen to them? How will they know?

Will they try to come on tom and be blocked?

MisForMumNotMaid Sat 12-Apr-14 18:44:14

Facebook appears to have the same vulnerability and ebay possibly does from the above check vulnerability link.

Off to change some more passwords. I can see myself forgetting lots of passwords.

RowanMumsnet (MNHQ) Sat 12-Apr-14 18:44:21

Hello

You won't be forced out of a session - ie if you were already logged in and posting when the forced password reset occurred, you won't have been forcibly logged out. You will be forced to change your password next time you need to log in though.

We are sending a message to everyone on our database with the exception of those who've specifically asked to receive no email from us; that will go out soon, probably before the end of today.

RustyBear Sat 12-Apr-14 18:46:11

OMGtwins - I was working on the basis that changing a password now, even if you don't know the site is fixed, is safer than leaving it (especially if you use the same password for more than one site) - as long as you then change it again once you know the site is fixed Because if a site has already been attacked, but doesn't know it, changing the password now stops information already gained from being used.

Imnotmadeofeyes Sat 12-Apr-14 18:47:12

I'm not techy at all but I did wonder why 'they' (being the magical computer wizards) didn't release a fix patch through widely used software like an anti-virus update before releasing it so publicly?

Rock and a hard place I suppose when you know something needs fixing asap, but I almost heard the ears of a million hackers prick up at the news...

Message withdrawn at poster's request.

LackaDAISYcal Sat 12-Apr-14 18:51:29

ebay have made an announcement on their site...I had to find it using a google search though; you'd think it would be on the homepage hmm

Maryz Sat 12-Apr-14 18:51:54

I am sad.

I have had my password since the dawn of time, and it's now too short so I've had to come up with an inventive and easy to type replacement.

I will now RTFT

RhondaJean Sat 12-Apr-14 18:52:32

Rebecca Rebecca panic panic the link on my email Isn't live, you have to use it within 30 minutes I missed that bit! Will it resend if I link again

Also

I can't cut an paste it on my iPad

<melts down at thought of no MN>

RafaIsTheKingOfClay Sat 12-Apr-14 18:54:48

I think they did, to an extent. The BBC article about it seemed to suggest that websites had been given some time to get the fix patch in place before the news was released.

I think part of the problem was that site owners either couldn't or didn't check to see whether their data had already been breached

SoleSource Sat 12-Apr-14 18:55:06

Done.

RhondaJean Sat 12-Apr-14 18:59:35

Emm panic over blush once I stopped flapping I went and tried it and sorted it (sorry)

StolenStollen Sat 12-Apr-14 19:00:37

I've clicked the link and submitted my email but I haven't got an email from HQ yet.
Do I try again or email hq?

EverythingIsAwesome Sat 12-Apr-14 19:01:17

according to alcksaDAISY's link, Mumsnet was always safe - so I dont think that link is reliable

RowanMumsnet (MNHQ) Sat 12-Apr-14 19:03:05

StolenStollen

I've clicked the link and submitted my email but I haven't got an email from HQ yet.
Do I try again or email hq?

Hello - are you checking the email address you used when you registered with MN?

If so, might be worth checking in the spam folder.

If that doesn't work, try asking for a new one - loads of people are re-setting at the moment so there may be a few glitches.

RafaIsTheKingOfClay Sat 12-Apr-14 19:03:08

I think we can quite safely say that MN wasn't always safe.

EverythingIsAwesome Sat 12-Apr-14 19:05:06

Exactly, so that link to check sites is very inaccurate.

NinetyNinePercentTroll Sat 12-Apr-14 19:06:12

I just changed mine too, fgs

RafaIsTheKingOfClay Sat 12-Apr-14 19:09:21

I thought the same. A couple of sites that I've seen elsewhere as not being vulnerable I checked and it has safe or unsure on.

I think the best bet is to change everything important regardless and keep an eye on it. Then what you like with the rest.

SweetPeaPods Sat 12-Apr-14 19:10:14

When you log in with app (on iPad or iPhone) there is no mention of having to change password. Might be useful to have a note about having to reset password on the app when you log in. It was only when I went to main site that I saw the mention of having to follow the link etc.

mamicar Sat 12-Apr-14 19:14:44

Phew!all done. That was a hairy few minutes! who knew I had two accounts grin

IHaveAFifthSense Sat 12-Apr-14 19:15:01

I was logged out and my password was reset last night. Was that something to do with the security breach? I have since changed my password myself, so will I need to do it again?

sittingatmydeskagain Sat 12-Apr-14 19:15:11

I was trying to access MN via the android mobile app, and it was just telling me my log in details were wrong. I've had to turn my ancient computer on to find out what was happening! I bet you've got a lot of panicky app users right now.

Faverolles Sat 12-Apr-14 19:16:33

I still haven't had an email.
I've checked in spam, and sent another reset request, but still nothing sad

Nellvarnish Sat 12-Apr-14 19:18:05

Done and dusted, let's hope I can remember it.

Thanks MN - you will need buckets of gin tonight!

Maryz Sat 12-Apr-14 19:18:50

You know, we really should all be grateful for this.

As BeerTricks said, whoever showed us and mnhq how they could hack this site has done us all a massive favour.

We should all change our passwords regularly, but I bet many of us don't. And whoever it was could have really played havoc, but instead started an innocuous thread and when that was ignored just gave mnhq a little nudge.

So I propose a vote of thanks to cazsco5 whoever s/he is.

MarshaBrady Sat 12-Apr-14 19:19:17

I can't see an email. Not sure whether to do that link.

rembrandtsrockchick Sat 12-Apr-14 19:20:51

I have just had to change not only my password but actually open a new account as MN would not accept my change details...kept telling me my password did not match the one on my account. As I had changed the password earlier in the day maybe this caused the problem. I'm a bit annoyed as I feel that I have now lost my mumsnet identity.

I really liked my old name too.

sadaboutthis Sat 12-Apr-14 19:22:23

Had a lot of trouble changing mine. Took several attempts and several new passwords.

bantamgirl Sat 12-Apr-14 19:24:11

It wouldn't let me log in with my new password.

So I clicked the log in with facebook thing and it has brought me up with this username which is a really old one I don't know the password for!

Imnotmadeofeyes Sat 12-Apr-14 19:26:41

rembrandt, HQ will still have your email to identify you, perhaps try to get it sorted after the first rush has died down.

StolenStollen Sat 12-Apr-14 19:27:37

Nothing in spam. I've changed my email because I can't remember my password to the one I signed up with. Still no email.

Fairy1303 Sat 12-Apr-14 19:29:13

I can't do mine as signed up with my work email and they are cracking down on security too so we can't access it at home now!! Can I do it on Tuesday when at work?! Or is there a time limit?! I can't usually go more than 3 minutes without Mumsnet let alone 3 days!!!! <hyperventalates>

HoneyDragon Sat 12-Apr-14 19:29:30

Blimey that reds scary

lilyloo Sat 12-Apr-14 19:29:38

Have changed my password , got logged out and then Couldn't get back in . Randomly let me back in after a few tries :/

RandallFloyd Sat 12-Apr-14 19:30:53

You're right there MZ. Could have been a lot worse.

bantamgirl Sat 12-Apr-14 19:32:04

And it won't let me log in from the app with my normal user name and password either.

BertieBotts Sat 12-Apr-14 19:34:44

Ineed I don't know if you will see this now (maybe someone from HQ can PM/email to check?) but you won't be able to change password through the profile page as all old passwords have been deleted.

You need to use the link that MN put in the OP of this post.

I've done mine, security is stepped up! My old password would be too short under the new rules.

RowanMumsnet (MNHQ) Sat 12-Apr-14 19:35:35

Sorry all - obvs there are thousands of people changing passwords right now so there's a big load on the system. Plus (human error and all that) it may be that the password you set on the reset page isn't exactly the same as what you're trying to log in with.

So it may be you have to do the reset process more than once - not ideal we know but it's worth a try.

App users - unfortunately we're limited in what we can do on the app, particularly over a weekend - it's one reason we're making our own new one. App users will hopefully see the sticky - if not they will (so long as they haven't opted out of all email) be getting our mass email at some point later on today.

I've used the link and changed my password ok.

StolenStollen Sat 12-Apr-14 19:38:06

HQ, I've emailed you on thecontactus@mumsnet.com email.

Maryz Sat 12-Apr-14 19:38:50

Mine too Bertie.

Do you think tonight is a good night for Chaos to start one of her "tell me your mother's maiden name, your MN password, and the name of your first pet" threads?

noblegiraffe Sat 12-Apr-14 19:39:34

Someone said on another thread that a list of mumsnet logins and passwords had been posted somewhere on the internet.

Is that true?

RandallFloyd Sat 12-Apr-14 19:39:38

More <gin> Rowan?

RowanMumsnet (MNHQ) Sat 12-Apr-14 19:39:44

StolenStollen

HQ, I've emailed you on thecontactus@mumsnet.com email.

Thank you - we're afraid we're absolutely drowning in mail from people at the moment so it may be a while before we get back, but we'll be as quick as we can.

bantamgirl Sat 12-Apr-14 19:39:51

So, I was having a thick moment. Realised I would have been using e-mail number 1 (for this account) and trying to log into username2 with password 1. Changed username 2's password and still wont let me in on PC or app. I can get onto the app with Username 1 but I want to use username 2....Oh well, I'll try again in a few days, at least I can get in.

RowanMumsnet (MNHQ) Sat 12-Apr-14 19:41:14

RandallFloyd

More <gin> Rowan?

About four pints please

cozietoesie Sat 12-Apr-14 19:41:59

I've actually got an unopened bottle of gin downstairs together with a case of Schweppes Tonic. I'm guessing the tonic is redundant tonight?

cozietoesie Sat 12-Apr-14 19:42:48

x post. grin

cozietoesie Sat 12-Apr-14 19:44:35

You're all doing well, Rowan. No HQ swearing or anything like that so far!

GiddyUpCowboy Sat 12-Apr-14 19:44:39

where is the list of logins? can we have a link please?

Any value in posting thread across all the Local sites too HQ?

RowanMumsnet (MNHQ) Sat 12-Apr-14 19:46:32

LocalEditorMerton

Any value in posting thread across all the Local sites too HQ?

That's a good point but sadly it's not something we can easily do I don't think - we'll take a look

IamInvisible Sat 12-Apr-14 19:47:53

Fuck! I hope a list of usernames and passwords haven't been put on the net!

<wishes I'd bought more Bombay Sapphire back from Cape Verde at €12 a litre and I don't even drink>

RandallFloyd Sat 12-Apr-14 19:47:57

Just realised I only have virtual gin I'm afraid.
If you want actual booze I have a bottle of cider and some honeycomb baileys <classy>

Right, I have changed MN password, got a verification email and
Changed passwords for everything else.
Does that mean that peace and equilibrium have been restored ? Can I
get pissed have a glass of wine, knowing that all is well and good ?

Legologgo Sat 12-Apr-14 19:49:06

shit my hotmail is buggered atm

mnhq can you not just do mine for me * looks up through lashes*

BeattieBow Sat 12-Apr-14 19:51:12

oh dear I am being a bit dense I think.

I saw this thread and changed my password. And now I just got the email through asking me to change my password. Do I have to change it again?

And also, I have passwords on hundreds of websites and I can't even remember them all (I do, ahem, a bit of internet shopping). do I have to change my password on all of them?

mamicar Sat 12-Apr-14 19:51:20

already forgot my password grin

RandallFloyd Sat 12-Apr-14 19:51:25

I also have a bottle of sparkling rosé of that's any help?
<realises she has the drinks cabinet of a 15yo>

RafaIsTheKingOfClay Sat 12-Apr-14 19:51:47

The link to the list of logins was posted earlier but got deleted.

Not sure it's a good idea to post it again. It might push Rowan over the edge.

GiddyUpCowboy Sat 12-Apr-14 19:52:21

can you pm it to me please?

LackaDAISYcal Sat 12-Apr-14 19:52:46

ooops blush thanks for flagging that up though everythingisawesome!

Thanks, RowanMumsnet! Just thought you may be able to press one key and the message would go across all of them....blush shows non-techy side

GiddyUpCowboy Sat 12-Apr-14 19:53:44

or at least those who have the link go and pm those of us mentioned on the other site please so we know we have been compromised.

RowanMumsnet (MNHQ) Sat 12-Apr-14 19:56:15

RandallFloyd

Just realised I only have virtual gin I'm afraid.
If you want actual booze I have a bottle of cider and some honeycomb baileys <classy>

Do I look fussy?

Honeycomb Baileys, mmmmm

ItsAllGoingToBeFine Sat 12-Apr-14 19:56:53

We are sending a message to everyone on our database with the exception of those who've specifically asked to receive no email from us; that will go out soon, probably before the end of today

TBH I think you should send to everybody, opt out or not.

Fuck! I hope a list of usernames and passwords haven't been put on the net!

It has and was posted earlier. So if you use the same logon info across more than one site you need to change those too.

noblegiraffe Sat 12-Apr-14 19:56:56

So there is a list? What was on it? Just usernames and passwords or also email addresses?

If email addresses, then people who use the same password for their email address need to be changing that ASAP too. Anyone could be noseying through their stuff.

slithytove Sat 12-Apr-14 19:58:07

Mine is still automatically logging me in on my old password?

doobedoobedoo Sat 12-Apr-14 19:58:18

Changed my password, but I tried to use a number of symbols in it such as $%@_#+ and I wasn't allowed to. I could only use letters and numbers.

Letters and numbers alone make for very weak passwords. Upper & lower case help (assuming MN software recognises the difference? - I haven't tested that out), but they are still weak if people use real words.

Any chance that Tech could do something to allow other characters in passwords?

EverythingIsAwesome Sat 12-Apr-14 19:59:28

Please can someone let me know about the list of logins & passwords!

Message withdrawn at poster's request.

LackaDAISYcal Sat 12-Apr-14 20:00:24

According to the OP of this thread there is a bloke somewhere on the web crowing about pissing around on MN. Not sure how true it is though, but it has been reported so I'm sure HQ are on it.

sillymillyb Sat 12-Apr-14 20:00:27

It was just username and password if that were posted, I looked earlier but am not sure I still have it as I've cleared everything off all my devices now.

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:00:56

ItsAllGoingToBeFine

*We are sending a message to everyone on our database with the exception of those who've specifically asked to receive no email from us; that will go out soon, probably before the end of today*

TBH I think you should send to everybody, opt out or not.

If we do that and lots of people report us for deliberate spamming we could end up getting all our MNHQ emails to our users blacklisted, so it seemed best not to tbh - we're hoping any active users will see the stickies or hear other users talking about it. And of course eventually they'll be forced to reset their passwords anyway.

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:01:50

doobedoobedoo

Changed my password, but I tried to use a number of symbols in it such as $%@_#+ and I wasn't allowed to. I could only use letters and numbers.

Letters and numbers alone make for very weak passwords. Upper & lower case help (assuming MN software recognises the difference? - I haven't tested that out), but they are still weak if people use real words.

Any chance that Tech could do something to allow other characters in passwords?

Pretty sure you can use special characters because I did - did it explicitly tell you you couldn't?

Maryz Sat 12-Apr-14 20:02:18

Don't go pm'ing links to people.

There was a very short list of names and passwords which was online for about 20 minutes. It was found by googling, so anyone who is worried (and I only recognised one name on the list, who isn't on this thread) should google.

Rowan - I know MNHQ have that link (it was a post withdrawn on the other thread, but I'm sure you have it) - maybe email those dozen or so names directly rather than people pm'ing each other.

Maryz Sat 12-Apr-14 20:03:49

And the guy who did hack people didn't hack any of those names anyway.

RustyBear Sat 12-Apr-14 20:04:08

I have punctuation in mine.

LackaDAISYcal Sat 12-Apr-14 20:05:03

I tried to use some symbols and got a "no special characters" error as well. Tried to use them as they are more secure...

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:05:10

Maryz

Don't go pm'ing links to people.

There was a very short list of names and passwords which was online for about 20 minutes. It was found by googling, so anyone who is worried (and I only recognised one name on the list, who isn't on this thread) should google.

Rowan - I know MNHQ have that link (it was a post withdrawn on the other thread, but I'm sure you have it) - maybe email those dozen or so names directly rather than people pm'ing each other.

Yes, we're on it

cozietoesie Sat 12-Apr-14 20:05:55

There's a point there to remember. Watch out for the phishing Heartbleed emails. I have no doubt whatsoever that they'll be being written (badly) as we post - too good an opportunity for the bad guys to miss.

AuntieStella Sat 12-Apr-14 20:06:13

It was a partial list (or at least the one I saw) and they had removed a character of two from the user names. But that wouldn't make them unrecognisable (would have been better if they'd removed a bit of the password).

If you are recognisable from your username (posting history, public profile) and use your MN login for other sites, I would in theory be possible to hack them from the published info.

Ditto if heartbleed hackers have acquired data from other vulnerable sites.

At least with MN we know it's happened.

TheDailyWail Sat 12-Apr-14 20:10:22

Oh my, gawd knows how many sites I have registered the same password for.... The list of names and passwords - is it still discoverable? And will MN PM those who were affected?

RandallFloyd Sat 12-Apr-14 20:10:49

It's from M&S and it's bloody delicious.
Like liquid crunchie mixed with baileys.

<stops derailing thread with talk of teenager booze>

EnlightenedOwl Sat 12-Apr-14 20:11:17

I use different passwords for email facebook twitter and here so hopefully covered now I've changed password for this site

cozietoesie Sat 12-Apr-14 20:11:29

Rowan has said, tacitly, that they shall be contacting those on the list.

SheherazadeSchadenfreude Sat 12-Apr-14 20:11:31

I am confused. I changed my password last night - do I need to change it again? And it wouldn't let me log in using this username. I tried using another one I've used recently, that didn't work either, but an older name did?

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:11:53

Those being told you can't use special characters - what devices/OSs/browsers are you using? Just seeing if we can spot a pattern.

AuntieStella Sat 12-Apr-14 20:12:58

Yes, the list is still there (I looked earlier,and went back to it via 'history' just now).

But don't get sidetracked into focus on those extracts which were found on google. Assume all have been grabbed, and are available on the dark web.

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:13:02

SheherazadeSchadenfreude

I am confused. I changed my password last night - do I need to change it again? And it wouldn't let me log in using this username. I tried using another one I've used recently, that didn't work either, but an older name did?

If you log out, and then try to log back in, you'll be forced to change password again - sorry

doobedoobedoo Sat 12-Apr-14 20:14:13

Pretty sure you can use special characters because I did - did it explicitly tell you you couldn't?

Afraid so, Rowan - the same as DAISY experienced.

I will see if I can manage to use characters when doing a standard password change, rather than an emergency one!

Maryz Sat 12-Apr-14 20:15:22

You should be changing all your passwords anyway.

Facebook, Amazon, Ebay - all were named as vulnerable to this. But we should be changing regularly anyway.

doobedoobedoo Sat 12-Apr-14 20:16:48

Internet Explorer, latest version (can't remember - IE10?) and PC.

magimedi Sat 12-Apr-14 20:19:34

I just changed my password as instructed to (have already changed every other password I have) & have logged out & logged in again with new pw with no problems whatsoever.

wine time now!

LackaDAISYcal Sat 12-Apr-14 20:19:34

I'm using the latest version of firefox and windows 7

SetPhasersTaeMalkie Sat 12-Apr-14 20:20:25

I didn't think Amazon or eBay were vulnerable. Where did you read that maryz?

LackaDAISYcal Sat 12-Apr-14 20:21:44

ebay have a notice up saying they were not compromised.

LackaDAISYcal Sat 12-Apr-14 20:22:53

and on a laptop

RafaIsTheKingOfClay Sat 12-Apr-14 20:24:20

I've read they weren't, I've also read that they might be. I think with amazon there's a bit of confusion as they run some web services as well as their online website. I think the web services that are vulnerable and that amazon.co.uk and amazon.com etc are fine.

Better to change it anyway just to be on the safe side.

Lucked Sat 12-Apr-14 20:24:47

Sorry HQ I am not getting this to works.

When I click on link in email it says link expired despite being within 5 mins of requesting it.

coffeeinbed Sat 12-Apr-14 20:25:44

If the list of those who have been compromised is short, then could MNHQ let them know and delete their posts?

Sorry, if this has been already asked.

Ephedra Sat 12-Apr-14 20:26:08

I have now changed so many passwords that I can't remember all of them or what websites they are for.

Sirzy Sat 12-Apr-14 20:29:17

I don't have access to the email address I registered with anymore (well I can't remember the password or it!) does that mean I need to set up a new account or can i somehow change the email it is linked to?

ValentineWiggins Sat 12-Apr-14 20:33:08

Can I ask which of the following bits of information were available:

User Name
Email Address
Password

Because if email address WASN'T exposed then most people are probably less in trouble than they might be panicking - I somehow suspect based on most of the user names I see that most people have a "mumsnet specific" user name (I certainly do) that isn't what they use on Amazon, online banking etc.

Can Tech confirm if email address was exposed?

Cheers

Er, mnhq is this why mn has been locking me out periodically today?

Changed now but I'm buggered if I'll remember it.....

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:34:01

Lucked

Sorry HQ I am not getting this to works.

When I click on link in email it says link expired despite being within 5 mins of requesting it.

Sorry, a few people are saying this - it may just be sheer load on the system so we're advising people to wait an hour or so and then request a fresh link. Apologies

GiddyUpCowboy Sat 12-Apr-14 20:34:14

There was a bit of the email, a bit of the username and a bit of the password.

GiddyUpCowboy Sat 12-Apr-14 20:35:01

Wiggins and the information was taken Tuesday/Wednesday not Friday.

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:35:24

Sirzy

I don't have access to the email address I registered with anymore (well I can't remember the password or it!) does that mean I need to set up a new account or can i somehow change the email it is linked to?

If you email contactus@mumsnet.com we will take a look, but given the volume of mail we're getting tonight it may not be as quick as response as we would ideally like - sorry. Obvs if we're going to manually change people's email addresses we want to be sure we're definitely dealing with the genuine account holder so it will take some back-and-forth and checking and we may not be able to do it all tonight.

Lucked try pasting the next link into the top of the browser. Sometimes when you click on a link in an email it leaves the end bit off and goes wrong.

It should be working as it just did for me.

Sirzy Sat 12-Apr-14 20:36:29

Thanks Rowan!

Maryz Sat 12-Apr-14 20:39:20

Oh, sorry Set. I can't remember where I read it, I've read so much about it today, but I thought Ebay was mentioned.

The advice for Amazon was to change password if they have your credit card details, which I think they have for a lot of people.

Maryz Sat 12-Apr-14 20:40:23

Valentine, the list that was on the other thread had mumsnetname and password only, no email addresses.

Maryz Sat 12-Apr-14 20:41:27

Was there a bit of the email Giddy?

Sorry, everyone, just ignore everything I've typed, I'm probably wrong.

GiddyUpCowboy Sat 12-Apr-14 20:42:33

gmail, sky and outlook are all mentioned in the list I was given.

ItsAllGoingToBeFine Sat 12-Apr-14 20:42:39

If you use login with google/login with Facebook do you need to change your google/Facebook passwords too?

GiddyUpCowboy Sat 12-Apr-14 20:44:13

I would change your email passwords as there could be far more published elsewhere, they have the username, password and email, they haven't published it all just bits.

ItsAllGoingToBeFine Sat 12-Apr-14 20:45:18
headlesslambrini Sat 12-Apr-14 20:46:25

Just done it - easy peasy lemon squeezey

headlesslambrini Sat 12-Apr-14 20:48:53

Just done it - easy peasy lemon squeezey

SwedishEdith Sat 12-Apr-14 20:53:10

Ok, I changed password when I logged on at about 17.30- 18:00?? this evening (all as per the instructions and via the mn email link etc) Then I got another email again about an hour later from mn. Is this just a precaution that's been sent to everyone or....??

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:53:17

ItsAllGoingToBeFine

If you use login with google/login with Facebook do you need to change your google/Facebook passwords too?

We'll try to find out for sure, but tbh the current best advice is to change everything

firstchoice Sat 12-Apr-14 20:55:53

hmm.
have tried twice.
firstly got 'page not available'.
now not got an email to my email addy re password re-set.

so do ALL passwords on all site (ie personal banking / paypal etc) need re-setting????

RowanMumsnet (MNHQ) Sat 12-Apr-14 20:57:19

SwedishEdith

Ok, I changed password when I logged on at about 17.30- 18:00?? this evening (all as per the instructions and via the mn email link etc) Then I got another email again about an hour later from mn. Is this just a precaution that's been sent to everyone or....??

Sorry, this isn't deliberate - it did the same thing to me!

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:00:28

firstchoice

hmm.
have tried twice.
firstly got 'page not available'.
now not got an email to my email addy re password re-set.

so do ALL passwords on all site (ie personal banking / paypal etc) need re-setting????

Apologies and please keep trying - it's being a bit glitchy because of the sheer numbers doing it. (Assuming that the email address you're checking is definitely the one that's registered with us?)

ouryve Sat 12-Apr-14 21:01:24

Google recommend you change their password, anyhow. Ditto Yahoo.

Ineedmystrengthback Sat 12-Apr-14 21:02:12

grin success !!!! It only took me 3 hours

Hands out gin....

NearTheWindymill Sat 12-Apr-14 21:02:18

Done it on Mnet. Had an e-mail from AOL and trying on the account that used the same password without success.

I can't remember which flipping accounts have the MNet password. Ruddy Norah.

OMGtwins Sat 12-Apr-14 21:02:42

rustybear yes you're quite right, change your password now and change it again after the website is fixed is safer than not changing it. Especially if you have the same username and password across several sites.

imnotmadeofeyes this can't be fixed with antivirus or patching for us (om the client side) because it's not an issue with your computers/phones/tablets it's an issue with the servers that host the websites on t'internets that we connect to, sad times...

NearTheWindymill Sat 12-Apr-14 21:04:52

I don't do Ebay, I don't do PayPal, I don't do internet banking. I have the password linked to a few things but not many and get very confused as to which password relates to which account. I have 4 e-mail accounts. Does this mean I might be relatively safe. I never ever use my debit card on the internet. Only ever my credit card which I think is insured.

Maryz Sat 12-Apr-14 21:06:11

Poor Rowan.

She is missing BGT.

Actually <ponders> lucky Rowan grin

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:08:33

Maryz

Poor Rowan.

She is missing BGT.

Actually <ponders> lucky Rowan grin

Nooo it's worse than that, I'd promised DS1 a trip to Pizza Express somewhere posh for dinner and now he's looking at me like hmm while playing on the Xbox

Sirzy Sat 12-Apr-14 21:09:43

I hope Rowan is being paid overtime tonight! She is even managing to find time to send out emails apologising for not being able to change the email address straight away!

Message withdrawn at poster's request.

Maryz Sat 12-Apr-14 21:11:53

Poor Rowan's ds shock

NearTheWindymill Sat 12-Apr-14 21:12:21

Well, if they're on double time, like good Guardianistas they'll have no probs paying a high marginal rate of tax grin

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:14:56

Aw don't worry, we get looked after grin

InspirationFailed Sat 12-Apr-14 21:15:01

I can't change my password.

I clicked the link to reset

Change the password

Try to log in and get the 'unverified account' message and it tells me to click a link in the confirmation email.

But there is no link in it, so I click to resend the confirmation email and get this message (on the photo)

I'm assuming I'm logged in now under my old password (I clicked to log in with google and it logged me in without me having to put any password in)

trace2 Sat 12-Apr-14 21:15:56

We need to know if mumsnet has been patched because if not then the new password will be as vulnerable as the one it replaces.

I have changed passwords etc. having a wibble. Checked amazon and my recent viewing history was all the mn books. I haven't looked at these on amazon. Scared now.

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:17:47

trace2

We need to know if mumsnet has been patched because if not then the new password will be as vulnerable as the one it replaces.

Yes we did the patch last week trace2 - our best guess is that the breach occurred before then

RafaIsTheKingOfClay Sat 12-Apr-14 21:17:57

Rowan can probably confirm this but I think it has been patched a couple of days ago. Unfortunately the data was taken before it was patched and very few people had changed their passwords since then.

RafaIsTheKingOfClay Sat 12-Apr-14 21:18:13

oops x posts

InspirationFailed Sat 12-Apr-14 21:18:18

It won't let me add the photo

VelocityViewServlet : Error processing a template for path '/resend-registration-confirm'
Unable to find resource 'mobile/registration/reg_confirm_resender.html'
org.apache.velocity.exception.ResourceNotFoundException: Unable to find resource 'mobile/registration/reg_confirm_resender.html'
at org.apache.velocity.runtime.resource.ResourceManagerImpl.loadResource(ResourceManagerImpl.java:483)
at org.apache.velocity.runtime.resource.ResourceManagerImpl.getResource(ResourceManagerImpl.java:354)
at org.apache.velocity.runtime.RuntimeInstance.getTemplate(RuntimeInstance.java:1400)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:198)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.Template.merge(Template.java:328)
at org.apache.velocity.Template.merge(Template.java:235)
at org.apache.velocity.tools.view.servlet.VelocityViewServlet.performMerge(VelocityViewServlet.java:805)
at com.mumsnet.baseservlets.CommonBaseServlet.performMerge(CommonBaseServlet.java:420)
at org.apache.velocity.tools.view.servlet.VelocityViewServlet.mergeTemplate(VelocityViewServlet.java:762)
at org.apache.velocity.tools.view.servlet.VelocityViewServlet.doRequest(VelocityViewServlet.java:555)
at org.apache.velocity.tools.view.servlet.VelocityViewServlet.doGet(VelocityViewServlet.java:509)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.SessionNotifierInitialisationFilter.doFilter(SessionNotifierInitialisationFilter.java:28)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.AdvertisingFilter.doFilter(AdvertisingFilter.java:186)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.ReferralTrackingFilter.doFilter(ReferralTrackingFilter.java:154)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.FirstSeenCookieFilter.doFilter(FirstSeenCookieFilter.java:34)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.security.filters.SecureCookieVerificationFilter.doFilter(SecureCookieVerificationFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.ResponseMetricFilter.doFilter(ResponseMetricFilter.java:40)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:45)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.mumsnet.filters.RequestFilter.doFilter(RequestFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at de.javakaffee.web.msm.RequestTrackingContextValve.invoke(RequestTrackingContextValve.java:99)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:170)
at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:138)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)

trace2 Sat 12-Apr-14 21:18:50

Thank you x

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:19:13

InspirationFailed

I can't change my password.

I clicked the link to reset

Change the password

Try to log in and get the 'unverified account' message and it tells me to click a link in the confirmation email.

But there is no link in it, so I click to resend the confirmation email and get this message (on the photo)

I'm assuming I'm logged in now under my old password (I clicked to log in with google and it logged me in without me having to put any password in)

Hmm that's odd - anyone else finding that the Google log-in is allowing you to circumvent the password reset?

Sorry Inspiration, your photo didn't upload

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:20:46

sorry x-post Inspiration - can you email in to contactus@mumsnet.com?

NearTheWindymill Sat 12-Apr-14 21:20:58

I had a message to change internet provider too. I'm going to cancel my credit card I think.

Legologgo Sat 12-Apr-14 21:21:13

I've had this password since 2003. Sniff

NearTheWindymill Sat 12-Apr-14 21:21:29

Beyond credit cards what else could be exposed do you think?

Legologgo Sat 12-Apr-14 21:23:15

Mnhq. If you're emailing me wrt anything my hotmail is out. So try twitter.
0<

coffeeinbed Sat 12-Apr-14 21:23:36

A message from who, Windymill?

RafaIsTheKingOfClay Sat 12-Apr-14 21:23:52

I've not used the google log in, and I'm no expert but wouldn't it use your google password to log you in not a specific MN one? I don't know if it's under MN's control.

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:26:08

Ah we've just had a sudden rush of emails saying the password reset mail either isn't arriving or is blank when it does arrive - we're getting Tech to take a look now.

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:32:44

Inspiration, are you posting using the app?

NearTheWindymill Sat 12-Apr-14 21:33:21

From my internet provider so wondering if this is viral. Obviously not going to say who my internet provider is on here. Interner provider password not provider - sorry typed fast.

NearTheWindymill Sat 12-Apr-14 21:34:03

So, is this why we were all being logged out then?

NearTheWindymill Sat 12-Apr-14 21:35:12

So does this mean our personal identities could be out there then?

coffeeinbed Sat 12-Apr-14 21:36:02

strange.

InspirationFailed Sat 12-Apr-14 21:40:33

I'm posting using the mobile site, I logged out and tried to log in again and the only way I can do it is to go via google. It hasn't asked me for any password at all. I've emailed.

RowanMumsnet (MNHQ) Sat 12-Apr-14 21:55:13

InspirationFailed

I'm posting using the mobile site, I logged out and tried to log in again and the only way I can do it is to go via google. It hasn't asked me for any password at all. I've emailed.

We've replied to you now Inspiration

comicsansisevil Sat 12-Apr-14 21:55:28

Message withdrawn at poster's request.

InspirationFailed Sat 12-Apr-14 21:55:58

Thank you :-)

HanSolo Sat 12-Apr-14 21:59:04

MNHQ, please could you answer a question?

Our usernames and passwords have been published online, is that correct? But is that purely the current username, or all our old ones too? <gibbers>

eatyourveg Sat 12-Apr-14 21:59:10

Trying to change the password on my account, type in my old password which I kept having to use to log in with yesterday but its now saying it doesn't recognise it! confused How can I change it if I don't know what it is to start with?

Quinteszilla Sat 12-Apr-14 21:59:15

How long after clicking the link until I receive my password reset?

Blondieminx Sat 12-Apr-14 22:00:32

Just popping on to say I followed the link and reset with no probs.

And the thing that I learned today? That M&S make Honeycomb baileys, which sounds amazing grin

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:03:56

HanSolo

MNHQ, please could you answer a question?

Our usernames and passwords have been published online, is that correct? But is that purely the current username, or all our old ones too? <gibbers>

We honestly don't know exactly what's out there and wouldn't want to give false reassurance. Sorry.

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:07:40

Quinteszilla

How long after clicking the link until I receive my password reset?

It should come through fairly quickly.

Just going to post up here a list of things to check - apologies if you've already done so but this covers most of the bases we think:

******

If you've asked for a reset but got a blank message or a message asking you to confirm your email address, it sounds as though you didn't confirm your email address with us when you initially signed up to Mumsnet. (If this is the case you'll probably be posting on the app, or via Google or Facebook login, because otherwise people without confirmed email addresses can't post on the site.) Could you search your email for the mail from us that we would have sent when you first signed up, which contains a 'confirm email' link? Once you've confirmed your email address with us, please go through the password reset process again.

If you've received the link but are having trouble with it, try copying and pasting it directly into your browser - sometimes this works where clicking directly on the mail link doesn't.

If you've asked for several reset mails, it may be worth checking that you're definitely clicking on the most recently received one, as they expire after half an hour.

If you're not receiving the reset mail at all, it may be worth double-checking that the email address you're checking is the one that you used to sign up to Mumsnet, as that's the address we will be sending the reset mail to. If you realise that your registered MN address is one you can no longer access, do let us know.

It's also worth checking your spam folder as well.

If none of this works, it may just be the volume of people trying to reset passwords at the moment. Could you give it an hour and then ask for a fresh reset link?

Gruntfuttock Sat 12-Apr-14 22:08:02

eatyourveg the old passwords have been deleted, you just need to enter a new password.

Keepcalmanddrinkwine Sat 12-Apr-14 22:08:22

I came on the ask the same question as eatyourveg. I'm still logged in though, which is a good thing.
smile

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:08:48

eatyourveg

Trying to change the password on my account, type in my old password which I kept having to use to log in with yesterday but its now saying it doesn't recognise it! confused How can I change it if I don't know what it is to start with?

If you log out completely you'll be prompted to ask for a password reset link (without having to input your password)

Quinteszilla Sat 12-Apr-14 22:08:59

Do we need to make the change even if we have changed the passwords after the security breach? I changed mine yesterday.

NearTheWindymill Sat 12-Apr-14 22:10:13

So, it's our Mnet nickname(s), internet password that might be published. Not our r/l name - is that right. Can the two be linked please?

cozietoesie Sat 12-Apr-14 22:16:00

If you're logged in, you can see whatever details are in the account profile - but they're pretty darned limited even so. There's far more out there on you on other and open systems.

noblegiraffe Sat 12-Apr-14 22:16:03

I suppose if they had access to Justine's account that might have given them access to everything?

RafaIsTheKingOfClay Sat 12-Apr-14 22:18:38

I think so Quinteszilla. As far as I know they've just removed all the passwords that were current after this afternoon's security issue. My old password was the one I changed to last night.

Maryz Sat 12-Apr-14 22:20:19

To be fair, for most people their MN account/login/password isn't really a problem.

Apart from those who are concerned about DV, embarrassment is the worst thing that will happen if anyone is outed on MN.

It's people who use the same password for MN that they use for banking/credit cards/anything very personal who should be worrying. It isn't an issue, really, for anyone else.

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:21:23

Quinteszilla

Do we need to make the change even if we have changed the passwords after the security breach? I changed mine yesterday.

Yes, sorry - as of about 5pm every single user's password was wiped.

You can log in to your MN account via Facebook or Google (without changing your MN password) if you have accounts there (because those use your FB/Google passwords) - but of course best current advice is to change ALL your passwords, just as a word of warning...

pepperrabbit Sat 12-Apr-14 22:22:34

I'm very confused sad
I didn't get the reset email at all and contacted MN via the contactus@mumsnet email address. Tried my old password and everything. Just received the generic email and haven't a clue if my email address is the one I registered with as it was over 8 years ago (as it's DS2's 8th birthday and I was def on an antenatal thread when he was a bump!)
Anyhow, I just got back in by pressing the "Log me in via Facebook" button, and voila - no password needed - straight in.. confused and slightly shock

Moln Sat 12-Apr-14 22:24:02

I'm not going to be able to remember all these new passwords

<weeps real tears>

It's bad enough I have to have 500 different passwords in work

sad

Quinteszilla Sat 12-Apr-14 22:25:01

I think I will look upon this as a game of Russian Roulette. I have waited 30 minutes for my email. If it does not arrive, then my MN days will be over the next time I am logged out. grin Will do me good.

RafaIsTheKingOfClay Sat 12-Apr-14 22:26:12

Moln, I changed almost all of mine last weekend routinely. I could have cried when I saw that article on this earlier in the week.

Maryz Sat 12-Apr-14 22:28:35

Awwwww Quint sad

You can't go.

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:31:40

pepperrabbit

I'm very confused sad
I didn't get the reset email at all and contacted MN via the contactus@mumsnet email address. Tried my old password and everything. Just received the generic email and haven't a clue if my email address is the one I registered with as it was over 8 years ago (as it's DS2's 8th birthday and I was def on an antenatal thread when he was a bump!)
Anyhow, I just got back in by pressing the "Log me in via Facebook" button, and voila - no password needed - straight in.. confused and slightly shock

Yup, Google and Facebook log-in will get you around re-setting your Mumsnet password; we still know it's 'you' because the email address you used for signing up to Google or Facebook gets cross-checked with your registered MN email address.

noblegiraffe Sat 12-Apr-14 22:33:19

The alarming thing here is that MN was apparently hacked before heartbleed went public. So someone knew about it and used it before the general public were alerted.

We only know MN was hacked because the hacker was kind enough to let us know. That at least one person was hacking before the vulnerability was general knowledge and was patched up means that other vulnerable sites like gmail and Facebook may have been hacked too, before the updates, and without us knowing about it. People need to change their MN password, but even those who use other passwords for other things need to be changing those too, not just those they use their mn password for.

Quinteszilla Sat 12-Apr-14 22:34:06

Maryz grin It is all up to MNHQ!

Quinteszilla Sat 12-Apr-14 22:34:38

But I dont WANT you mixed up in my Facebook!

Quinteszilla Sat 12-Apr-14 22:35:31

My Facebook is all riot, with birthday celebrations of my friends cats tonight! shock I cant mix these two worlds!

Maryz Sat 12-Apr-14 22:35:46

<kicks Rowan>

Bump Quint up to the top of the "posters who need a reply queue will you?

[ingratiating smile]

ExcuseTypos Sat 12-Apr-14 22:37:00

Just to say I've changed my password without any problems.

This has also promoted me to change all passwords on other websites. So thank you for highlighting all this. flowers

psychomum5 Sat 12-Apr-14 22:39:55

Happy to say it all worked for me......thanking all that is holy right now as I originally registered with an email that got hacked, and I wasn;t sure which email I then used when re-setting things before.

ANYWAY.....all is done <sigh of relief>

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:41:28

Maryz

<kicks Rowan>

Bump Quint up to the top of the "posters who need a reply queue will you?

[ingratiating smile]

We honestly don't know why the reset emails aren't getting through!

Quinteszilla Sat 12-Apr-14 22:42:52

Hang on, have we gone back to 2011? Thats the last time I saw psychomum. Hurra, we have a password reset time machine (without a password reset!)

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:43:36

Sorry, that wasn't meant to sound as defensive/short as it did wine

We don't have a way of manually ensuring that the reset email gets through. If you see what we mean...

firstchoice Sat 12-Apr-14 22:43:43

I've not had any link through to my email account despite asking to reset about 3 hours ago?
checked spam etc and not there either.

HQ - what do I do pls?

5madthings Sat 12-Apr-14 22:46:24

On the basis that people are having problems with this and ok aaccount of the fact I can't be arsed can I do this tomorrow? I can still post ok etc or will it eventually lock me out?

Maryz Sat 12-Apr-14 22:47:18

smile

<soothes Rowan's fevered brow>

<proffers gin&vallium>

Quinteszilla Sat 12-Apr-14 22:47:49

It is a bit like waiting for the Langoliers arriving, or Godot. Whichever float your literary boat!

<purrs on Maryz's lap>

ThePearShapedToad Sat 12-Apr-14 22:48:24

Would just like to offer HQ a soothing head rub and non-condescending pat on the back for the chaos some tw@tty annoying hacker has put them all through tonight

If you can, stop and have a biscuit or 10 for a few mins

Night all

Friedbrain Sat 12-Apr-14 22:48:28

so I done this, and now I have a random name that I didn't even choose!???

Quinteszilla Sat 12-Apr-14 22:50:25

MNHQ gave you friedbrain as a username at random?

Do you think it is an insult, or an improvement?

ThePearShapedToad Sat 12-Apr-14 22:51:47

How did you get given a new username??!

<curious>

I just changed my password (via reset link) and carried on.... Were we meant to be changing usernames too??

usualsuspectt Sat 12-Apr-14 22:52:06

That's not right, Friedbrain. confused

Message withdrawn at poster's request.

usualsuspectt Sat 12-Apr-14 22:52:58

I wonder what user name they would give me grin

usualsuspectt Sat 12-Apr-14 22:53:38

oh yes, check your inbox, Fried.

Maryz Sat 12-Apr-14 22:54:23

Godot never arrived, did he?

Friedbrain, I suspect that can't be right.

<ponders whether mnhq would allocate me QueenofMumsnet or WastofSpace as name>

Friedbrain Sat 12-Apr-14 22:54:33

I have no.idea...??????

MNHQ????

My name wasn't anything like.this.before...

I do feel like my brain is fried tho smile

Nothing in.history.... shock

Quinteszilla Sat 12-Apr-14 22:55:01

Friedbrain only posted twice, so must be a NEW name.

Maryz Sat 12-Apr-14 22:55:49

I'm not changing my user name Pear shock. I have been me since the internet was invented. I refuse to wear sidebollocks or extra letters.

usualsuspectt Sat 12-Apr-14 22:56:08

ooh err, Friedbrain.

Wonder what's gone on.

Maryz Sat 12-Apr-14 22:56:49

I'm sorry for laughing FriedBrain, but if it's any consolation I love your name grin

Friedbrain Sat 12-Apr-14 22:57:18

It's annoying...

Had all interesting threads saved.angry envy

Quinteszilla Sat 12-Apr-14 22:57:53

Please tell us who you used to be, and we can find the threads you were on for you.

BiscuitCrumb Sat 12-Apr-14 22:58:06

I requested a password change and nothing... Not in spam either.

I'm now worried Rebecca's OP is a hack and we are all entering email addresses and clicking on links and exposing ourselves more? - paranoid moi?!?!

ThePearShapedToad Sat 12-Apr-14 22:58:08

Well exactly <folds arms>

I love my name grin

I love being a pear. Or a toad.

Maryz Sat 12-Apr-14 22:58:11

I've reported you Fried, in case they missed it.

<continues to chuckle>

usualsuspectt Sat 12-Apr-14 22:58:31

Friedbrain is a cool name though, just a pity it's not yours.

Maryz Sat 12-Apr-14 22:58:56

Biscuit shock

<wibbles>

Quinteszilla Sat 12-Apr-14 22:59:34

Usualsuspect, it is hers now, though!

Pear, you will be reincarnated as Pearytoad, mark my words.

ThePearShapedToad Sat 12-Apr-14 22:59:47

Nah it's ok biscuit, we were worried earlier that mnhq's replies were actually a hacker...

But they posted a picture of a certain type of bear <taps nose>

Y'know.....
wink

Legit innit

RowanMumsnet (MNHQ) Sat 12-Apr-14 22:59:56

Friedbrain

I have no.idea...??????

MNHQ????

My name wasn't anything like.this.before...

I do feel like my brain is fried tho smile

Nothing in.history.... shock

You've set up an entirely new account, it seems! If you want to mail in to contactus@mumsnet.com letting us know who you used to be we'll try to sort it out for you (but to be honest it may take us a day or so)

DieselSpillages Sat 12-Apr-14 23:00:10

I've had to start afresh as email address was just one I use for signing up to stuff and I'd lost the password and couldn't get back in...angry

It's been a right pain in the ass; but now I feel just like a mumsnet virgin grin

This whole heartbleed thing is probably a scam by the CIA to learn all our new passwords <puts tin foil hat on head>

Maryz Sat 12-Apr-14 23:00:47

Fried, hang on to that name.

You will be forever famous.

AlpacaYourThings Sat 12-Apr-14 23:02:01

I refuse to wear sidebollocks

grin grin

Friedbrain Sat 12-Apr-14 23:02:37

How did I manage that?

I only requested a new password?

If I set up a whole new.account (don't know how tho) how did it just choose a name for me???

BiscuitCrumb Sat 12-Apr-14 23:02:50

Phew thank goodness a thanks pear.

It is worrying though. It's promoting me to sift through accounts and change everything (of those I remember). On a separate note though how frustrating is it that you can't seem to buy a thing without registering on websites and giving a password. Lots of us use the same passwords and are obviously exposing ourselves. Why can't we just buy shit without registering.

RowanMumsnet (MNHQ) Sat 12-Apr-14 23:03:20

BiscuitCrumb

I requested a password change and nothing... Not in spam either.

I'm now worried Rebecca's OP is a hack and we are all entering email addresses and clicking on links and exposing ourselves more? - paranoid moi?!?!

Sorry you're having trouble Biscuit - here's our exciting, ever-evolving list of things to double-check:

***

If you signed up via Google or Facebook, there's no immediate need for you to change your password on Mumsnet - you can just carry on signing in via Google and Facebook. Best advice at the moment is to change all passwords for all services, but that's entirely up to you. Right now you won't be able to change your Mumsnet password because users who signed up via these methods didn't have their email addresses 'confirmed', and without a confirmed email address the reset password email won't reach you. <headache> The short version being - please carry on using Google or Facebook to log in and don't worry for now about changing your MN password.

If you've asked for a reset but got a blank message or a message asking you to confirm your email address, it sounds as though you didn't confirm your email address with us when you initially signed up to Mumsnet. (If this is the case you'll probably be posting on the app, or via Google or Facebook login, because otherwise people without confirmed email addresses can't post on the main site.) Could you search your email for the mail from us that we would have sent when you first signed up, which contains a 'confirm email' link? Once you've confirmed your email address with us, please go through the password reset process again.

If you've received the link but are having trouble with it, try copying and pasting it directly into your browser - sometimes this works where clicking directly on the mail link doesn't.

If you've asked for several reset mails, it may be worth checking that you're definitely clicking on the most recently received one, as they expire after half an hour.

If this still doesn't work, it may just be the volume of people trying to reset passwords at the moment. Could you give it an hour and then ask for a fresh reset link?

If you're not receiving the reset mail at all, it may be worth double-checking that the email address you're checking is the one that you used to sign up to Mumsnet, as that's the address we will be sending the reset mail to. If you realise that your registered MN address is one you can no longer access, do let us know.

Quinteszilla Sat 12-Apr-14 23:04:48

If you're not receiving the reset mail at all, it may be worth double-checking that the email address you're checking is the one that you used to sign up to Mumsnet, as that's the address we will be sending the reset mail to.

I know for a fact it is that email, as this is the email I get MNHQ mails to.

Darkesteyes Sat 12-Apr-14 23:04:59

I seem to have done it ok <crosses fingers>

RowanMumsnet (MNHQ) Sat 12-Apr-14 23:05:36

Friedbrain

How did I manage that?

I only requested a new password?

If I set up a whole new.account (don't know how tho) how did it just choose a name for me???

In all honesty we've got no idea. People who register without choosing names do get assigned a random username, but it's usually a fairly incomprehensible string of letters and numbers...

Maryz Sat 12-Apr-14 23:05:39

That's a good point biscuit.

I've registered for all sorts of crap. I'm going to get a new email address and use it only for registering for crap. Keep my real email for things that matter.

If nothing else, this has made me think.

VivaLeBeaver Sat 12-Apr-14 23:05:49

I'm not getting an email from you after requesting a reset one. Its the right email address on my account.

usualsuspectt Sat 12-Apr-14 23:06:25

It's because you weren't wearing a tin foil hat, when you changed your password, Fried.

MadBusLady Sat 12-Apr-14 23:06:52

I haven't had the email either, not in junk, not in deleted, and I get mn emails to that address all the time. If I hadn't happened to see this in active convos I wouldn't have known to change my password.

<flails>

ThePearShapedToad Sat 12-Apr-14 23:06:56

I know biscuit, think it's probably a good wake up call that we'd all become a bit lax, across all websites, not just MN

Why companies can't just see that I'm a good girl and don't steal data / credit card info etc and just let me sign in without having to remember the circumference of the moon on a cloudy night whilst being hidden by Jupiter, I don't know grin

I often think the same walking through airport security. Can't they see I'm sweet and adorable?!!

<goes off to write down a billion new passwords>

<remembers I'm not meant to be writing down passwords as is unsafe>

<adds "1,2,3" to all passwords instead>

usualsuspectt Sat 12-Apr-14 23:08:54

I'm tempted to register a new account with choosing a user name to see what name I get.

usualsuspectt Sat 12-Apr-14 23:09:17

without*

BiscuitCrumb Sat 12-Apr-14 23:09:28

Definitely not Facebook or Google. Definitely correct email address - worked 2 days ago when I name changed and reset when I first heard about heartbleed. Just not working now!

Bet you lot at HQ are busy!

RowanMumsnet (MNHQ) Sat 12-Apr-14 23:11:52

We will try to get to the bottom of it, although in all honesty it's probably not going to happen tonight... sorry

FWIW we've had a couple of mails saying Hotmail and Yahoo mail both seem to be struggling tonight (with their own issues) - so it's possible that some of these non-receipt issues are to do with your email providers rather than us. But we'll try to work it out.

GwenStacy Sat 12-Apr-14 23:13:03

Rowan - I work in email marketing and database management and under ico rules you're allowed to contact people with what's classed as a 'fulfilment' type email even if they have asked not to be emailed, so you wouldn't be falling foul of spam rules if you emailed everyone smile

Quinteszilla Sat 12-Apr-14 23:13:50

Well, I am going to bed.

Tomorrow will tell if the Langoliers came and ate mumsnet, or me. Or all of us. Or if Godot wrote himself into an alternative ending, and in fact arrived. (Maybe he did, when the curtains had fallen and we all left this theater)

Tiredmumno1 Sat 12-Apr-14 23:13:57

<sob>

It took me forever to change my password, it wouldn't let me do it for ages.

I thought I'd lost you all forever.

Friedbrain Sat 12-Apr-14 23:16:05

Baffled hmm hmm confused hmm confused hmm confused hmm confused blush blush

stretch Sat 12-Apr-14 23:17:04

No reset email through yet. Will have to try again tomorrow.

Message withdrawn at poster's request.

Maryz Sat 12-Apr-14 23:18:49

I just tried that usual.

It told me to fill in the field confused

Quinteszilla Sat 12-Apr-14 23:20:10

Yes, but it is sensible of MNHQ to do it this way, as it circumnavigates scammers making use of the situation and sending Phishing emails with links, which will cause further problems for users.

If users knows there is a thread with a link, they will maybe be more suspicious if a bulk mail saying "Dear MN member, please click on the link below to change your username" just to be taken to a copy cat site where they give away their usernames and passwords.

Users may not be able to distinguish between a scam email and a legitimate one.

This always happen in the wake of a security breach, scammers target users by sending random phishing emails to their entire list, scatter gun approach, hoping SOMEBODY will fall for it.

Maryz Sat 12-Apr-14 23:20:48

Hang on, if Godot arrives I want my (fictitious) money back.

I studied that play for years and nothing ever happened. If he arrives I want my Leaving Certificate (circa 1979) exam paper rechecked <huffs>

Crazeeladee Sat 12-Apr-14 23:21:09

I've tried twice, but no email? Can't get the link to contact you to work either. Will try again tomorrow too.

Quinteszilla Sat 12-Apr-14 23:21:40

Sorry Beertricks. Have this as a consolation It will make it better.

Sparklingbrook Sat 12-Apr-14 23:21:40

Who were you Friedbrain? sad

I took less than a minute to change. Thanks.

Quinteszilla Sat 12-Apr-14 23:24:04

Maryz, I saw it at the Old Vic, with Ben Kingsley, SWOON.

Maryz Sat 12-Apr-14 23:30:27

Ben Kingsley?

That would make Godot just about bearable.

Quinteszilla Sat 12-Apr-14 23:31:13

Yup. It was a delight.

Quinteszilla Sat 12-Apr-14 23:31:39

More edge than Death of a Salesman.

LadyStark Sat 12-Apr-14 23:32:01

Forgive me if this has already been mentioned (people saying they couldn't remember stuff prompted me!) but I went to a cyber security event where they said you're better off writing down a really complicated password that you keep near your PC than using something easier/memorable.

Largely as the chances of being hacked are far greater than that of someone breaking into your house and logging onto your computer. Might be worth keeping in mind for those worried that they can't remember more secure passwords.

Message withdrawn at poster's request.

not received it either

Quinteszilla Sat 12-Apr-14 23:37:32

But to make long and complicated passwords memorable, you can make your own system.

Like

Site + your first car/pet/school + random number like 893:
MumsnetTrinityHigh893
NextTrinityHigh893
HotmailTrinityHigh893

Virtually impossibly for anybody to get, but as long as you remember "your" code, and random numbers, you will be fine. You can add £$% anywhere in it.

Quinteszilla Sat 12-Apr-14 23:38:22

Oslo Treaty Plan! Jan Egeland was in the UN peace keeping force.

Maryz Sat 12-Apr-14 23:38:34

That's all very well Lady.

But wait until you have obnoxious teenagers who aren't averse to "borrowing" your credit card to buy a concert ticket.

When my bank call me to tell me that £££££ have been taken from my account I want to be 100% sure I can categorically say that there is no way my teenagers could have my details. I try to trust them, but as they get older I can't be sure they don't have friends in/feel they are entitled to whatever/have gone off the rails.

Quinteszilla Sat 12-Apr-14 23:39:52

My son had his moviestarplnt password on a piece of paper by his machine. I dont need to tell you what happened next.

BananaBeforeBed Sat 12-Apr-14 23:49:29

Password reset won't work for me, either using my password up until last week, or the new one I chose last night.

tiggytape Sat 12-Apr-14 23:52:11

Do we have to wait for the email?

If we follow the link in Rebecca's post is that enough?
Is there a special reason for waiting until prompted by an email (mine hasn't come either)?

usualsuspectt Sat 12-Apr-14 23:52:45

8

usualsuspectt Sat 12-Apr-14 23:56:59

NO

cafecito Sat 12-Apr-14 23:57:12

friedbrain is a wonderful name!

LadyStark Sat 12-Apr-14 23:58:30

I don't think it has to be kept literally next to your machine, it's just a statistical response to security I suppose, regarding likelihood of someone breaking in and the motivations of doing that vs hacking.

I completely hadn't thought about teenagers though - don't have one yet and can see that may pose a risk!

RafaIsTheKingOfClay Sat 12-Apr-14 23:58:56

tiggy if you click on the link in the OP it will guide you through changing your password. That will involve sending you an e-mail which you need to click the link in.

There is a separate mass e-mail explaining what's going on just in case people haven't seen this thread. You don't need to wait for that.

Rowan, it's not hugely important as I've already changed my password but I haven't had the e-mail explaining what's going on. I don't need it but if I haven't had it then others might not have either.

usualsuspectt Sat 12-Apr-14 23:59:03

Ignore those posts,this thread is jumping about all over the shop on my kindle grin

BitchyVstheUFOs Sun 13-Apr-14 00:51:45

Do we have any update on the lack of emails being sent out with the link for resetting? It is rather annoying that the one requested around 9:30pm has not arrived. <crosses fingers that this posts>

BitchyVstheUFOs Sun 13-Apr-14 00:51:54

Do we have any update on the lack of emails being sent out with the link for resetting? It is rather annoying that the one requested around 9:30pm has not arrived. <crosses fingers that this posts>

MillyMollyMully Sun 13-Apr-14 01:04:31

Just want to say thanks to MNHQ for doing the "all hands to the pump" thing. thanks Most impressive.

Ohwhatfuckeryisthis Sun 13-Apr-14 01:16:30

I forgot my password. Wail!

TheFutureMrsB Sun 13-Apr-14 02:03:24

I've had to sign in through Facebook, not getting the password reset email either.

Will wait for it to come through and remember not to request again.

TanteRose Sun 13-Apr-14 02:11:43

I clicked the link in Rebecca's OP and it all went very smoothly. Didn't need to input my old password, just email and then new password.

PirateJones Sun 13-Apr-14 02:15:51

test test 123

ettiketti Sun 13-Apr-14 05:51:37

I can't log into the app although ive clearly logged into here...

ChristopherRobin Sun 13-Apr-14 06:14:09

I've not been sent the email either. I've requested it twice now.

SetPhasersTaeMalkie Sun 13-Apr-14 07:07:33

Have you tried clicking the link in the OP? I didn't get an email, just clicked the link and then received the email.

Yay it worked, done it!

Rebecca I dreamed about you last night...hmm!

BiscuitCrumb Sun 13-Apr-14 07:43:52

It's worked for me this morning. But I do need to sort my digital life out I think. Oh dear.

cozietoesie Sun 13-Apr-14 07:54:05

You dreamed about a MN staffer, giraffes ? Oh My.

BananaBeforeBed Sun 13-Apr-14 08:06:27

Ou can ignore me, I got it to work.

Thanks

hedgehogy Sun 13-Apr-14 08:09:03

I can't change mine. It's asking for my current password but saying it's not the one on my account - and it definitely is. I've tried changing the password without entering my current password but it says it needs my current password too sad I'm still logged in on my ipad.

hedgehogy Sun 13-Apr-14 08:13:00

It's ok - it worked following the link; I was trying I do it from 'my account'.

poorbuthappy Sun 13-Apr-14 08:13:16

I've just logged in via FB.
My email requested at about 6.30 came through at 4.45 this morning and was valid for 30 mins.
Ummmm right!
Can I just change my password log out and log back in?

Jollyphonics Sun 13-Apr-14 08:21:39

My email hasn't arrived, requested last night. I can't manually change my password as my original one is no longer valid, but strangely I can still post on threads!

poorbuthappy Sun 13-Apr-14 08:23:27

Just tried to change mine and it won't work.
So I'll email them tomorrow. I know that if they email me again today I won't get to it in time.

Faverolles Sun 13-Apr-14 08:28:55

I still haven't had an email.
I tried to change my password on my account page, but it won't let me.
What do I do?

Quinteszilla Sun 13-Apr-14 08:32:11

The emails arrived around 7 am this morning while I was asleep. They would be expired by now.

Quinteszilla Sun 13-Apr-14 08:41:41

MNHQ You cant let the links in the emails expire within 30 minutes, if they take 7 hours to get to my inbox! People cant sit and monitor their inboxes. We have lives! (although it may not look like it)

NakedFlame Sun 13-Apr-14 08:42:42

Does anyone know how I can delete a MN account. I seem to have 2.

twofingerstoGideon Sun 13-Apr-14 08:44:32

Thanks, Mumsnet, for sending me a password reset link at 4.55 a.m. and telling me it's only valid for 30 minutes. Useful!
(not)

RandallFloyd Sun 13-Apr-14 08:47:03

You can't change your password through 'my account'.

You can still post as normal until you physically log out.
No one is being forcibly logged out.

You don't need to wait for an email.

You just need to click the link in the OP and follow the instructions.

If following the instructions in the OP doesn't work, leave it a couple of hours and try again.
If it still doesn't work email HQ.

In the meantime, the most important thing to do is change your passwords everywhere else.
The worst that can happen if someone hacks your MN account is that they post some weird shit in your name.
The risk is that if you use the same email/password combo elsewhere they could use it there.

RandallFloyd Sun 13-Apr-14 08:49:41

The sheer volume of requests is probably hammering their servers at the moment so there's bound to be glitches.

As long as you don't log out in the meantime nothing will happen.

I'd maybe leave a couple of days and try again.

CuttingOutTheCrap Sun 13-Apr-14 08:49:49

Have finally reset my password. Original email arrived hours after my request, so had expired by the time i got to it this morning.

Had to request again