AIBU to say Mumsnet have lost my trust.

[Beelzebop]

We discuss all sorts on here. From colours of duvet covers to rape. And you let someone steal all our secrets and honest conversation.
It takes you 48 hours to tell me.
Daily Mail anyone?
Poor show indeed Mumsnet.

That is concerning for me because under another username I reached out for support here and in the other place (hellhun) both places attacked me but I found some support here I could have killed myself if I hadn't

That's the fucking reality here yes it's a data breach everyone has them but it's still a worry for those that don't have real life support

I keep Mumsnet logged in on one device. Does that mean I would less likely be affected?

I'm quite concerned that despite MNHQ actually saying people had accessed other users accounts, and were able to see private and personal information, Chloemol is posting that this hasn't happened

How can you read this

a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.

but then post

have apologised and confirmed that no one could actually get into your account.

I didn't get an email. I've even checked my junk mail.

I've not had any emails at all.

Only reason I knew it happened was the thread on here being in most popular

Step back a minute and think about this rationally. I'm not saying this wasn't bad, or upsetting, but in terms of the scale of harm, look at the reality. Most people who accessed other people's accounts were so confused by what was happening, that as soon as they realised that they had the wrong username, they logged out again and logged in until they got their own username again.

Even if they didn't, they got posting history. Well, you can get that from Advanced Search, so the only advantage is knowing name-changes. Unless they are going to sit and write down name-changes, that isn't going to be hugely significant.

The big one is email address, which could identify you personally. But they'd have to go into your profile to see that, and it's not the first place most MNers go.

I honestly think that most people would simply have thought "this isn't my username " and logged out until they could get back into their own.

It's a significant data breach to expose people's email addresses though - addresses which could 'out' them - whether harm was done or not.

It's for the Information Commissioner to take a view and give advice to MN (The Company), in the context of the number and type of data breaches in recent years.

Well you don't have to post here if you're so gravely concerned.

bbcessex

Donkey.. password. Email address. Linked to other accounts.

My Spotify & Netflix breached on Wed & Thur. coincidence?

If you use the same password for every account that's your problem. Companies can do all that they can to keep you secure, but frankly, the hackers are better. You are extremely naive if you think otherwise.

And keeping the same password for everything is just stupid. Easy passwords, again stupid. Password123 is not secure in the slightest, it will get cracked in seconds with a dictionary attack. Any password in fact that doesn't include: capitals, lowercase, special characters AND numbers will be cracked very easily. You need all 4 to be secure and for it to be at least 12 characters long, I personally stick to 16 minimum for anything related to banking or buying.

My password for mumsnet is different to everything else I use, and it's a shorter one because there are no personal details on here that I give a crap about. They have access to my email address only, but they don't have the password for that, and that's not been cracked.

You want to know if you've been hacked? Go here and try it. You will find out if you've been hacked or not and if you have, someone has bought your details already.

haveibeenpwned.com

I work in security. We can only do so much. The worst line of defence is the users themselves. Bad passwords are a big issue and no one takes it seriously. Despite the fact people keep getting hacked.

You want tips on remembering decent passwords? Pick 3 things you like and join them together to make a password.

Example: D0gs&bak1ng&l3smi$erabl3s

That's not mine obviously. Just an example. But it's easy to remember when you include what you enjoy.

Mumsnet explained why it happened, a it upgrade which they have now backed out off. Often until they go live with something you may not find an issue.

That’s what testing is for...

But regardless of what went wrong in this particular case, it does seem really odd that MNHQ’s response was so casual initially. 12 hours after it was reported to MN the problem was still happening, despite Tech being notified soon after Worra reported it. That shouldn’t be happening.

I think a lot of the people who pat themselves on the back over how worldly-wise they are on this type of thread (“well just use a burner email, you are being very very naive if you think anything’s secure online!”) are still seeing the internet as some sort of lawless Wild West. Mumsnet is a huge business, it’s not your mate’s GeoCities homepage guestbook from 1999.

Should testing account for the effect of two accounts logging in at exactly the same time, though??

Often until they go live with something you may not find an issue.

Heh, not true if you do your job properly. I'm guessing you don't actually work in IT and are just guessing. The rest of your post is also just guessing.

On a site with, what, over 1 million accounts? Yes.

@Santaclarita

That's all very interesting but nothing at all to do with what happened on MN with this issue. It wasn't people's passwords that was the problem, it wasn't a 'hack'. It was their own fault when they changed a service.
And the passwords could not be seen by the person who had access in error nor changed, so talking about passwords is irrelevant.

Heh, not true if you do your job properly. I'm guessing you don't actually work in IT and are just guessing. The rest of your post is also just guessing.

Let's face it though mn probably don't have an incredibly great security team. They don't take payment details and before gdpr came out they probably just chose the cheapest option for security.

Although it's scary how many bigger companies refuse to spend money on security as well..

It’s the bloody internet - nothing is “safe” on the internet so don’t kid yourselves otherwise. You can take reasonable steps to safeguard information you don’t want falling into the wrong hands but ultimately you take your chances or stop posting.

Sorry Santaclarita, I get your point but your example...

Dogs&baking&lesmiserables = easy to remember
D0gs&bak1ng&l3smi$erabl3s = not easy to remember at all

I wouldn’t have a hope in hell of remembering that combo!

VanGoghsDog

I know but the person I was referring to in my post was trying to blame mumsnet for their Spotify and Netflix accounts being hacked. When if they actually used different passwords which they clearly don't, it wouldn't have happened.

If we face facts in this instance, someone out there will have got access to one of those accounts. They then assume that like most people, that person doesn't bother changing their password. They now have access to everything. That's not completely mn/spotify/Netflixs daily, but the fault of the user for keeping everything the same. Hackers understand human nature to keep things simple.

I wouldn’t have a hope in hell of remembering that combo!

You do, just keep things the same if that's easier. Change your e's to 3 and so on. My example is more complicated to give an example. Although your version with a number at the beginning or end would be fine too.

Hi Santaclarita

I also work in technology; I don’t use the same passwords for any site.

Spotify confirmed my account was ‘taken over’ (their words) by an unknown source and have reset it.

Netflix was acccessed from Brazil (quite enjoyed the Portuguese language for a day).

I acknowledge this can happen. My point is - Mumsnet need to raise their game.

bbcessex

Why was it a coincidence then that someone else had gotten access to your Spotify and Netflix accounts? Hardly a coincidence if you knew that, and it's got nothing to do with mn. You would know that if you worked in technology too, since they said it was an update not a hack.

That kind of stuff happens sadly. But you can't blame mn for it or say its a coincidence that your account on here got breached then suddenly so did Spotify and Netflix.

Santaclarita
I received the mumsnet email.
I just entered my email address in haveibeenpwned and it said there had been one data breach and a 'paste'.
Please could you advise what I should do now?

I can say it is a coincidence, Santaclarity, because it is!!

Spotify online support rectified last night. Netflix password reset on Thurs eve.

I’m not sure what your point is? My email address is the same for Mumsnet and all my accounts (except professional ones).

Change your password regularly. Don't use the same password you use elsewhere. Delete an private messages. Keep your stored data to a minimum.

ravenshope

Change your passwords immediately. On anything associated with your email address. Just to be safe really, but change them on anything with the same password as well.

bbcessex my point is you were trying to blame them for it when it's not their fault. Both are different situations. No point trying to be sly and suggest it mns fault when it isn't.