Mumsnet data breach - please read
(869 Posts) MNHQ have commented on this thread.
As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts.
What happened?
There was a problem affecting Mumsnet user logins between 2pm on Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in could have had their account info switched.
Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.
How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.
What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages
They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.
How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.
What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.
Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.
What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.
We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on contactus@mumsnet.com if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.
Thanks to all who brought this to our attention.
Justine
Message withdrawn at poster's request.
Thank you for being so open and transparent.
These things happen, no harm done.
EspressoButler
I haven’t had an email from you.
And I reported a post made several hours ago, in my name, that wasn’t posted by me.
Sorry Espresso - you're right - it's not quite gone to you yet but it's on its way.
So that's why we had to log back in this morning?
Thanks for the info, BTW
Thanks for the explanation, Justine
However I can't agree with Bombadeer, unfortunately
These things happen, no harm done
They really don't, and yes, I think harm was done...
These things happen, no harm done
I think you'll find some people have legitimate cause to query your opinion.
Thank you for the informative post MN.
Great...
Blimey not sure posters like Bombardier are safe to be allowed unsupervised access to the internet
MNHQ: Just to make you aware, there have been threats to ‘dox all of mumsnet’ by a TRA called Emily Gorcenski.
As a user whose password was breached in the last debacle, I have to agree with tanterose...these things so DON’T just happen. I expected that mumsnet would have suitable testing and systems in place to protect users' data, particularly after being found wanting so badly before.
Not good enough. You are a commercial organisation and need to act like one in terms of the service you provide.
Cock ups like this seem to be happening rather a lot. Considering walking away if you can't reassure us.
Thanks Justine. Is there anything we can do to check if we were affected?
To be honest, I have my concerns given that when I logged back in just now I was offered the option to log in via Facebook, Google or my MN login.
I only ever use individual logins for all sites and don't link any via other sources such as Fb or Google accounts, because of the linked risk of other accounts being attacked through this method.
Can MN advise whether the accounts that have been taken over were ones that were linked to Fb or Google or if they were standalone password accounts?
I appreciate that those who have already identified themselves may be uncomfortable with this, but it may be important for others to understand if there is an additional risk in linking Fb profiles to outside websites in future.
So is my information safe or not?
I'd also like to check if I have been affected (before I most likely delete my account). Could you post on this thread telling those of us who would like to check this how we can do so please?
This is really poor MN. Sorry!
I have not been asked to log in.
Is it fair to say that if you were logged in before Tuesday and remained logged in until the forced logout this morning, you should have been safe from anyone accessing your account?
So is my information safe or not?
I would also like to know this.
Will everyone affected be contacted by MNHQ?
Doxxing threats should be taken very seriously. Disposable email and fake name all the way...(sorry MN)
Likeacow I think no, your information cannot be said to be safe. Mumsnet's track record is poor, and they have demonstrated they haven’t learned from the mistakes.
I am angry about this issue, so many use this site for real support, and data breaches could be catastrophic for them.
I haven't been asked to log back in, I'm on mobile app.
Happening far too often HQ. I think it’s time you had a serious look into security and what you need to do to prevent things like this. Honestly, it’s just too often to be “one of those things”. There’s a real problem with security here at MN.
And MNHQ go silent. Brilliant 🙄.