Advanced search

Your passwords are vulnerable. Change them.

(47 Posts)
Edw4rdSnowden Sat 12-Apr-14 14:53:14

Dear Mumsnet

Your 'tech support' (ha) have taken you for a ride. This site's security response to the Heartbleed exposure ( ) has been woeful and anyone with slightest know-how of OpenSSL has been able to grab the logging-in details of Mumsnet users (including administrators). I could post screencaps of the board where this geezer has been posting up how funny he is messing around with mumsnet but that's by the by.

This is especially dire news if you've been daft enough to use the same password for mumsnet as you had for your email addresses and amazon accounts etc.

Change all your passwords immediately, ESPECIALLY if your mumsnet password is one you foolishly use for other services.

Finally I urge you to reconsider whether this website and its administrators take your security seriously.

AmyMumsnet (MNHQ) Mon 14-Apr-14 10:49:20

Oh God, I can't even use strikethrough effectively. HQ powers are clearly squandered on me.

AmyMumsnet (MNHQ) Mon 14-Apr-14 10:48:48

Hi everyone,

We've responded to what's going on over here.

Apologies for all the inconvenience caused by changing passwords, but it's hopefully less inconvenient than someone using all of your hilar Pinterest memes for evil <--hopes no one asks for examples of how-->.

MrsWembley Sun 13-Apr-14 22:14:47


<mumble mumble splutter cough cough>

Wha??? I was away? Wha's happ'ning? Who did wha'?

<mutters something along the lines of 'that'll teach me for camping somewhere without wi-fi'>

<coughs, splutters, goes back to sleep>

<wakes up long enough to change password, goes back to sleep again>

RandallFloyd Sat 12-Apr-14 16:33:54

<dreams of having HQ powers>

cozietoesie Sat 12-Apr-14 16:33:36

Sorry - that would be a 'reliable instance'. I'm sure there are people plopping data from various sources all over the web. Just for badness.

RandallFloyd Sat 12-Apr-14 16:32:22

Pinterest! I hadn't thought of that. Imagine what they could do with my vast collection of recipes I'll never make, sarcastic e cards, and texts from the dog shock

sillymillyb Sat 12-Apr-14 16:32:15

Someone posted a website with a list of mumsnet usernames and passwords on the other thread. It's been taken down now but there was clearly identifiable posters on there.

EatShitDerek Sat 12-Apr-14 16:31:24

Message withdrawn at poster's request.

cozietoesie Sat 12-Apr-14 16:31:05

Out of interest, has one single instance of the vulnerability being used by bad guys been identified? (Just because someone has found out that it can be done doesn't mean that it actually has been done.)

RandallFloyd Sat 12-Apr-14 16:30:18

If I'd hacked Justine's account I would be bitch plopping all over the shop grin

EatShitDerek Sat 12-Apr-14 16:29:56

Message withdrawn at poster's request.

yourlittlesecret no just change it to another new one when the bug is fixed. And don't change passwords for other sites to the same one!

Any site running the relevant version of OpenSSL is vulnerable so your data could be retrieved from various places. It's even more of a problem if you use the same password for more than one site as your password could be retrieved from one site then used in other ones to get into your accounts.

RandallFloyd Sat 12-Apr-14 16:28:02

Oh I'm not particularly bothered about my MN being hacked.
All that would do is make me a bit more interesting for a while!

It was more for other things. I don't think I use the same email/password combo for anything else except ApprovedFood and MyFitnessPal so they're welcome to go nuts there too but I've changed it anyway. Mainly because Rebecca told me to!

EatShitDerek Sat 12-Apr-14 16:25:53

Message withdrawn at poster's request.

cozietoesie Sat 12-Apr-14 16:22:46

They say they're fine, firstchoice.

That's a fair point Derek. We should be reserving worry for sites where problems can seriously impact lives and not necessarily MN. (I'm sure that if you're found to have been hacked and someone starts to 'abuse random strangers' under your MN guise, MNHQ will treat it sympathetically. wink)

yourlittlesecret Sat 12-Apr-14 16:20:19

Not sure I want to put my email into a website about hacking.

EatShitDerek Sat 12-Apr-14 16:19:21

Message withdrawn at poster's request.

ItsAllGoingToBeFine Sat 12-Apr-14 16:18:29

Some of you may or may not find this site reassuring:

It'll monitor lists of hacked accounts and see if your email address appears.

firstchoice Sat 12-Apr-14 16:16:17

should we change passwords for paypal etc?
(mine are not the same as for MN but, even so?)

are online banking / paypal ones okay, does any one know???

ballsballsballs Sat 12-Apr-14 16:16:07


cozietoesie Sat 12-Apr-14 16:14:51

Change it in a week or two as well.

yourlittlesecret Sat 12-Apr-14 16:14:01

Postman Ahh now you tell us after I spent ages thinking up an inspired new PW. So do I change it back now?

I started a thread on geeky earlier about password managers. This made me think perhaps I don't take enough precautions.

InspirationFailed Sat 12-Apr-14 16:12:27

Thanks Maryz :-)

Worth considering that this thread could be an attempt to make everyone log in and change their passwords now while they are snooping on the data in the MN server's memory! Heartbleed doesn't access stored user accounts but exposes what data is being processed now.

Maybe hang fire on the password changes. It's pointless changing password now anyway until this site has upgraded to the fixed version without the Heartbleed vulnerability. Anyway MN might not use the relevant, vulnerable version of OpenSSL.

This is from DH who works in the field, not me!

ExitPursuedByABear Sat 12-Apr-14 16:01:26

So have I got to change my passwords for everything?



Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now