As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts
What happened?
There was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in, could have had their account info switched.
Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.
How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.
What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages
They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.
How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.
What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.
Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.
What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.
We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.
Thanks to all who brought this to our attention.
Justine
Please or to access all these features
Please
or
to access all these features
MNHQ have commented on this thread
Site stuff
Mumsnet data breach - please read
868 replies
JustineMumsnet · 07/02/2019 12:40
OP posts:
EspressoButler ·
07/02/2019 12:43
This reply has been deleted
Message withdrawn at poster's request.
Don’t want to miss threads like this?
Weekly
Sign up to our weekly round up and get all the best threads sent straight to your inbox!
Log in to update your newsletter preferences.
You've subscribed!
Please create an account
To comment on this thread you need to create a Mumsnet account.