Advanced search

Site attacks, hackergate and resetting passwords - here's what we know, what we're doing about it and what we think you should do. PLEASE READ! PART TWO

(1000 Posts)
RebeccaMumsnet (MNHQ) Wed 19-Aug-15 07:31:49

Hi all,

This thread is about to max out please continue here and we will update with info as an when we have it.

We will get to all emails and reports but it may take some time Huge apologies.

Here is Justine's OP from the previous thread:

On the night of Tuesday 11 August, Mumsnet came under attack from what's known as a denial of service (DDoS) attack. Our servers were bombarded with requests, which required our internet service provider to massively increase server capacity to cope. We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets "Now is the start of something wonderful", "RIP Mumsnet", "Nothing will be normal anymore" and "Our DDoS attacks are keeping you offline".

To add to the 'fun', it seems @DadSecurity also resorted to Swatting attacks. Swatting is a criminal practice in which someone makes an emergency call to the police claiming that a crime is taking place at the house of the intended victim, in order to get them to send a swat team to the address.

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to "prepare to be swatted by the best" in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses. The police are investigating both instances.

@DadSecurity also claimed that he had access to Mumsnet user data. Later on 12 August, it became apparent that someone/ones had hacked into some of Mumsnet's administrative functions, at which point they were able to redirect our homepage to the @DadSecurity Twitter profile page, as well as to edit posts from two users' account and an MNHQ account on our forums.

Someone claiming to be the hacker also posted on the thread on which users were discussing the site outage. We immediately locked down all access to our admin functions and reported the attack to the police. We were confident that users' passwords had not been accessed, because MNHQ doesn't hold them as plain text; they're all encrypted, so that no one - not even us - can see them.

However, over the weekend, a user reported that posts had been made under her name which weren't by her, and we spotted two other cases where this had happened. This clearly suggested that the hacker had nonetheless been able to get hold of some users' passwords.

Our best guess at this stage (and it is just a best guess) is that this has been done via a form of phishing, in which the hacker creates a fake Mumsnet login page to which users are directed when clicking on our login button. The page would have had a different url but otherwise would look just like the usual page. The hacker would have been able to see passwords in plain text when they were typed in.

We take great care to protect the information you give us and not to ask for or store any more information than we need to run the site, but though we can't know how many accounts have been affected, there have been enough breaches for us to ask all Mumsnet users to change their passwords. As a result, you'll no longer be able to log in to Mumsnet with your current password, and will need to create a new one, here.

This will mean that any passwords the hacker has been able to harvest up to this point will be useless. We are looking into what we can do to strengthen our defences against phishing, but in the meantime we need to ask you to be vigilant, and to check the URL of the login page for the foreseeable future. The correct URL is and it reads https:// rather than http:// at the beginning. We will place a warning on the login page reminding you to do this.

Alternatively use the social login option (ie Facebook/Google) as then you won't be required to enter a password. And if you log into any other sites using the same password that you use on Mumsnet, it makes sense to change your password on those sites, too.

We're really sorry for the alarm and inconvenience this might cause, and we realise you're likely to have further questions about what's been happening, so here's a summary of answers to the most obvious questions.

You say the hacker was able to access Mumsnet users' data: was data from my personal account accessed?
We have no way of knowing how many Mumsnetters were affected - so far we have evidence of 11 user accounts being hacked but it's an ongoing investigation. Those users have been informed, and their passwords have been reset. We think it prudent, however, that everyone reset their passwords - which in any case is a sensible thing to do from time to time.

What data could the hacker see?
By using your password and login, he would have been able to see the data on your profile - so that includes your username or email plus your password, your postcode if you've supplied it, your username history and your Mumsnet inbox.

Now that I've changed my password, can you guarantee that my data is safe?
Unfortunately, we can't give you a cast-iron guarantee of this - no site can. By forcing a password reset the hacker won't be able to log in as you; however, if phishing was the cause, the page could be phished again, which is why it's important that you check the URL of the login page when you enter your details, or use your social login. If the URL is anything other than, don't use it.

Final thoughts
The internet is of course brilliant, but it's not 100% safe and secure. Whenever you share anything on the web, either publicly (such as on a Mumsnet thread) or privately (such as the data you give to a website when signing up), have a think about how happy you'd be for that information to fall into the hands of someone else. Make your passwords as secure as possible and change them every few months. Use different passwords for different accounts. Close redundant accounts that you no longer use.

And if you read nothing else...
I do realise this post is long, so here's a quick summary:

DO reset your Mumsnet password
DO make passwords really strong to reduce the risk of them being guessed
DO check the URL of any login page to reduce risk of phishing
DO verify that https:// is being used on login pages
DO use social login to avoid typing passwords
DON'T give out information to any organisations without verifying they are who they say they are (such as the fake @mumsnetsupport twitter account that had also been started but has now been removed by Twitter)

Please post here or mail us on with any questions or thoughts. As you can imagine our inbox is fairly voluminous at the moment but we'll get back to you as quickly as we can.

Thanks very much for reading,


00100001 Wed 19-Aug-15 07:35:52

I have a copy of the list - I will check it for you and PM you the details they have (if they have)

LauraGrooves Wed 19-Aug-15 07:36:16

Are that passwords that were hacked simple ones or complicated ones with lots of numbers and letters and not obvious?

PegsPigs Wed 19-Aug-15 07:36:18

No Century you're not.

AuntieStella Wed 19-Aug-15 07:37:02

Question for MNHQ: should all the emails notifying users have arrived by now?

Mine hasn't. (And I have checked deleted and spam folders).

LooksLikeImStuckHere Wed 19-Aug-15 07:37:11

If anyone has access to this list of usernames he's given out, I'd really appreciate you checking if I'm on it.

I imagine they have us all though sad

Minionoftruth Wed 19-Aug-15 07:37:24

both Laura
They got into the actual system so the strength of the password is irrelevant.

Figroller Wed 19-Aug-15 07:37:26

Hi can anyone check if I am on the list for me please.

PegsPigs Wed 19-Aug-15 07:38:14

No Stuck you're not

00100001 Wed 19-Aug-15 07:38:15

lookslike Nope not with that username smile

Minionoftruth Wed 19-Aug-15 07:38:23

You are not lookslike

00100001 Wed 19-Aug-15 07:38:42

fig nope smile

DixieNormas Wed 19-Aug-15 07:38:50

Message withdrawn at poster's request.

PegsPigs Wed 19-Aug-15 07:39:03

no fig you're not.

Nielsbohr Wed 19-Aug-15 07:39:05

Am I on the list?

Altinkum Wed 19-Aug-15 07:39:15

Message withdrawn at poster's request.

Minionoftruth Wed 19-Aug-15 07:39:18

Nope Figroller

BudgeUp Wed 19-Aug-15 07:39:26

Surely MNHQ will have notified people on the list?

00100001 Wed 19-Aug-15 07:39:50

niels Not on the list

Toooldtobearsed Wed 19-Aug-15 07:40:11

WI am having dreadful problems on computer this morning, my mailboxes overrun with spam, nightmare. Working on that now, but cannot get MN to load on computer, so back to iPad to ask if someone could please check to see if I am on list.
Hopefully just a coincidence but this has never happened to me before.

Altinkum Wed 19-Aug-15 07:40:17

Message withdrawn at poster's request.

ThumbWitchesAbroad Wed 19-Aug-15 07:40:24

Just checking into this thread.

What's going on now, Rebecca? Is this the beginning of the end? Are the doors firmly closed against this utter tosser now?

LooksLikeImStuckHere Wed 19-Aug-15 07:40:25

I've changed all passwords anyway but do you think they have everyone and have just released 3000?

AgentProvocateur Wed 19-Aug-15 07:40:38

Would someone please be kind enough to check whether I am? I'm on a train with poor 3G. Thank you

LooksLikeImStuckHere Wed 19-Aug-15 07:40:43

Thank you for checking smile

00100001 Wed 19-Aug-15 07:40:46

The secure password will help - (not with phishing obvs) but in general it will stop anyone guessing/brute force attacks

Pommes Wed 19-Aug-15 07:40:49

001, please could you check for me?

MythicalKings Wed 19-Aug-15 07:40:59

I have the list. Too many for MN to notify quickly.

PlainHunting Wed 19-Aug-15 07:41:12

I can't see myself on the list but I have changed names a lot and could have missed it. However, I have had to log back into MN several times over the last few days and I'm convinced that my emails have been compromised. I have been deluged with dodgy emails over the last few days, to the point where my email account is near impossible to use (think 100s of spam type mails per hour with only a handful of emails actually written to me per day).

I have tried to name change and change my password on MN but can't because it won't accept the original password, even though I know that's the one I've been using recently. Currently logged on with my most resent user name and logged in via FB. confused

I'm not the most tech savvy person so hope at some point someone can explain in layman's terms what on earth I should do.

I'm going to spend the morning changing passwords and user names on all the other websites I use that matter to me. My usernames have all been unique to MN but other passwords have been variants of the one I use(d) here.

Altinkum Wed 19-Aug-15 07:41:24

Message withdrawn at poster's request.

Minionoftruth Wed 19-Aug-15 07:41:26

can't see you agent

PegsPigs Wed 19-Aug-15 07:41:28

Dixie type into the address bar where the etc currently is. Right at the bottom it says 'on this page'. And the number of matches. You need to have the list open on a webpage first (apologies if that's obvious).

00100001 Wed 19-Aug-15 07:41:37

pommes Not on the list with that username smile


headlesslambrini Wed 19-Aug-15 07:41:48

Can someone check if Im on the list please, I'm having trouble logging into my email, thanks

G1veMeStrength Wed 19-Aug-15 07:41:51

I realise this sounds patronising but am going to shout it regardless


Just go and change your passwords on all the other sites.

Minionoftruth Wed 19-Aug-15 07:42:07

No pommes

hobnobsaremyfave Wed 19-Aug-15 07:42:43

Please can someone check for me I can't get to a pc to look until later on my phone on way to work at the moment
Thank you x

Altinkum Wed 19-Aug-15 07:42:59

Message withdrawn at poster's request.

MythicalKings Wed 19-Aug-15 07:43:07

No headless

Minionoftruth Wed 19-Aug-15 07:43:11

No hobnob

ConstanceBlackwood Wed 19-Aug-15 07:43:25

I'm on it. No email from mumsnet! Found out through AIBU and checked list. Was my old password

Minionoftruth Wed 19-Aug-15 07:43:55

I too think they probably have everyone.

How long did they have control for

Kleptronic Wed 19-Aug-15 07:44:41

They didn't get into the system. They tricked people into entering their details on a fake login page, and recorded keystrokes.

They haven't been in the database.

Of course, once they had login details, this meant they could log in as someone, and see that person's PMs, profile etc.

They can't get in with that data now, all passwords have been forced reset.

BudgeUp Wed 19-Aug-15 07:44:46

Does anyone have a link to the list?

hobnobsaremyfave Wed 19-Aug-15 07:45:00

Thank you xx

Whatthefucknow Wed 19-Aug-15 07:45:12

Am I on the list please?

Vixxfacee Wed 19-Aug-15 07:45:32

Can anyone check if my old username vixxface is on the list. I can't remember my old email account or password so I have had to make a new account.

Toooldtobearsed Wed 19-Aug-15 07:45:40

Thank you Altinkum!

Cannot understand what is happening then, my email account is virtually unusable confused

Nishky Wed 19-Aug-15 07:45:42

Would anyone mind checking if I am on the list, thanks

JonesTheSteam Wed 19-Aug-15 07:45:47

Is it possible for someone to check it I'm on the list please? TIA

HarlotOTara Wed 19-Aug-15 07:45:48

Please can you check if I am on the list?

AgentProvocateur Wed 19-Aug-15 07:45:50

Thank you, minion. Appreciate your help.

Enchufla Wed 19-Aug-15 07:45:50

My god...if you think you are the list just go and change your password again

ThumbWitchesAbroad Wed 19-Aug-15 07:45:54

trying not to link the list any more, Budgeup because this site is open to public access

Minionoftruth Wed 19-Aug-15 07:46:32

No harlot

MythicalKings Wed 19-Aug-15 07:46:52

No, What.

HarlotOTara Wed 19-Aug-15 07:47:04

Thank you

Perfectlypurple Wed 19-Aug-15 07:47:07

Was just going to ask that budgeup. A link or copy of the list on this thread or a stand alone thread would be good or threads will fill up with people asking if they are on it.

Pommes Wed 19-Aug-15 07:47:40

Thank you 001, Minion and Altinkum flowers

Minionoftruth Wed 19-Aug-15 07:47:42

No nishky and jonesthesteam

00100001 Wed 19-Aug-15 07:47:44

vixx Whtthefuck

Not ont he list

Toooldtobearsed Wed 19-Aug-15 07:47:48

Enchufla I asked because of the unprecedented problems I am having this morning, not because I don't want to change my password again.

MythicalKings Wed 19-Aug-15 07:48:04

No Nishky

ReallyConfusedDotCom Wed 19-Aug-15 07:48:26

Hi. Could you check if I'm on the list please.

LooksLikeImStuckHere Wed 19-Aug-15 07:48:26

Out of interest, what can they do with the list? If it's just usernames and passwords how have they hacked email accounts?

Or did they publish email as well?

mrschatty Wed 19-Aug-15 07:48:52

Scary!! justine I hope your ok that must have been terrifying flowers

Altinkum Wed 19-Aug-15 07:48:59

Message withdrawn at poster's request.

00100001 Wed 19-Aug-15 07:49:12


Not with that username smile

Minionoftruth Wed 19-Aug-15 07:49:19

No reallyconfused

ghostyslovesheep Wed 19-Aug-15 07:49:27

Can somebody check for me x thank you

Perfectlypurple Wed 19-Aug-15 07:49:49

People would still like to know if they are on the list Enchufla.

Gobbolinothewitchscat Wed 19-Aug-15 07:49:57

I'm on the list and it has freaked me out somewhat - sure that's irrational but it has. I've password changed again but could we have a live chat today with mumsnet re: what has happened? I know that they can't share details of how they protect the site but I think I'd like to be reassured in real time that there are senior IT bods about at night etc.

ReallyConfusedDotCom Wed 19-Aug-15 07:49:59

Thank you brew

Whatthefucknow Wed 19-Aug-15 07:50:10

Thank you

SnakeyMcBadass Wed 19-Aug-15 07:50:12

Where's the list?

Nishky Wed 19-Aug-15 07:50:14

Thank to all of you who checked, really appreciate it.

00100001 Wed 19-Aug-15 07:50:14


They have IP, Username and password

It was from phishing, not from "hacking into MN Databases" or anything like that smile

If everyone changes their password to something different, they haven't got your password anymore smile

Perfectlypurple Wed 19-Aug-15 07:50:33

Could someone check for me please.

Minionoftruth Wed 19-Aug-15 07:50:39

No ghosty

00100001 Wed 19-Aug-15 07:50:51

ghosty not on the list smile

RebeccaMumsnet (MNHQ) Wed 19-Aug-15 07:51:07


I too think they probably have everyone.

How long did they have control for

Hi Minionoftruth,

We believe at this time that the info they have is from phishing (see Justine's OP) rather than from access to the database.

Minionoftruth Wed 19-Aug-15 07:51:35

No purfectlypurple

00100001 Wed 19-Aug-15 07:51:40

perfectly not on the list smile

crazykat Wed 19-Aug-15 07:51:55

Hi, can someone who has the list please look to see if I'm on it.

I've had a few strange emails in the past few days, I get them from time to time but as they're similar to ones mentioned by pp on the first thread I'm starting to worry that's it's not just coincidence.

Lightbulbon Wed 19-Aug-15 07:52:21

Is it just current accounts/usernames/passwords on the list?

I am v careful about what I put on here since I've been on this account.

But I've had other mn accounts (not just usernames) over the years where I've put quite a lot of personal info. I'd be worried if that was all publically accessible.

Minionoftruth Wed 19-Aug-15 07:52:34

Thanks Rebecca,
I'm off today. Happy to be on list check duties grin

Minimonkeysmum Wed 19-Aug-15 07:52:38

Please could someone check if I'm on the list? Thanks. smile

Altinkum Wed 19-Aug-15 07:52:55

Message withdrawn at poster's request.

00100001 Wed 19-Aug-15 07:52:56

PMed you crazykat

cjindigo Wed 19-Aug-15 07:53:02

Could somebody please tell me how to check the list?

Am I on it?

NotMyName123 Wed 19-Aug-15 07:53:02

There is no need to deregister: you will only be on that list if you clicked the button linked to the phishing account and entered your username and password, and if you are on the list you only need to change your password. It could also be an idea to change your email address to one set up only for use with MN - I'm not on the list but since the email account is one I don't use for any other purpose I wouldn't be bothered if I was.

iamaboveandBeyond Wed 19-Aug-15 07:53:16

Can we not just post the link to the list again (it is on @dadsec twitter anyway) so everyone can check for themselves, rather than filling up another thread with literally every poster on the entire site asking if they are on there?

Minionoftruth Wed 19-Aug-15 07:53:20

crazykat yes I will pm you.

Brummiegirl15 Wed 19-Aug-15 07:53:30

I've seen the list, and the number of people with clearly their child's name and full date of birth is shocking!!

LauraGrooves Wed 19-Aug-15 07:53:49

Does look like a phishing scam. I'm less worried now as they didn't have access to the passwords (no one should be able to see these).

Remeber to always look at the URL when logging on!

Altinkum Wed 19-Aug-15 07:53:49

Message withdrawn at poster's request.

diddl Wed 19-Aug-15 07:54:23

If I haven't had an pm, does that mean that I'm not on the list?

Minionoftruth Wed 19-Aug-15 07:54:26

No idea why perfect autocorrected to purfect blush

exLtEveDallas Wed 19-Aug-15 07:54:33


If you are on the list it will be a password from PRIOR to the forced change - UNLESS you used the same password again after MNHQ forced the change.

There are over 100,000 users on this site. It is highly unlikely that SadSack bother to go into everyone's account, it is also highly unlikely that 100,000 people tried to log in to the fake log-in page.

I understand that people are worried, but honestly, each and every one of us are unlikely to be compromised in any way. This sort of cyber terrorism WANTS to instill fear - it's what the SadSack gets his jollies from. A 1000 post thread about him will be his wank fodder for MONTHS.

00100001 Wed 19-Aug-15 07:54:40

minimonkey not on the list

This thread is not accepting new messages.