The data breach, aibu it’s really not a big deal?

[Blackbear10]

So I received an email stating I was one of the 40 something users that had their accounts breached on MN. (In fact I was send the email 3 separate times)

Is there something I am missing? People seem to be getting very irate about the breach but I’m genuinely not sure what the problem is?
All the breach would’ve shown was your email address and any pm’s or old users names, surely that’s not an issue?

From the amount of ‘I’ve changed username for this’ posts when something isn’t even remotely outing I cannot for one second believe people have outing or detrimental info in their pm’s. I thought the whole point was people were desperate that nobody recognises them so they are unlikely to put real information on the site even in pm’s.
It’s really not like they would be pm’ing ‘Hi next door neighbor Susie, here’s my bank details for the money I owe you, oh and don’t read my posting history or you’ll see where I slagged off your CF’ing parking)’

It seems like users are baying for blood and taking it all incredibly seriously but honestly how has the breach actually affected you in anyway?

So AIBU to think the breach is not a big deal and not be remotely worried about it?
Or does someone want to educate me on what I’m missing?

What I don’t understand is what are the people baying for blood actually wanting to happen?

What harm has been inflicted so far?

Agreed!

I don't get it either.... as someone who works with sensitive data, data breaches happen more often than people would dare to think about.

I got the email earlier this evening about it although I had already read about it on bbc and followed up with the sticky threads.

But it is potentially identifying data which has been breached, isn't it?

If the viewable information was your email address [which for some users could contain details of their real name i.e. [email protected] or be the email they use every day and potentially recognisable as belonging to that user].
Add to that PMs which may contain further potentially identifying information and previous posting names and I guess that interested people might be able to put two and two together.
This might be a worry for those posting for support about DV and/or leaving an abusive partner or holding 'contentious' views which enrage MRA/TRAs on the feminist board.

Has anyone else noticed the MN has been quieter the last few days? Trending post normally have 5+ pages of comments on them, easily. Now most only have about 1 or 2. Shows how sad I am but I've kind of missed it tbh.

Have been more productive though.

@howdyhihihi I noticed too. I thought it may have been an issue with people getting access but now I think it's s trust problem and the coverage this has had made people wary

Tbh I've still been unable to log using chrome but can in safari (so password etc. works fine). And I wasn't, so far as I know, involved in the breach.

Maybe thats impacting a few other people.

Nah I don’t care either but by law they have to inform you

I am inclined not to care either. I haven’t said anything illegal so what is someone gonna do with my email address?!

I kind of agree.

Whilst data breaches are not great, I doubt if anything seriously bad happened, and as some people have said, most people don't use their regular email address anyway, OR their real name. And even if a stranger DID see your private messages, so what? They won't know who you are. And the upshot is that the vast majority of people are OK and decent and would not do anything with the info anyway.

What are the chances that someone dodgy and nasty ends up logging logging into someone else's account, who is using their real name, and has their home address and kids names and workplace name inside their private messages?

An extremely slim chance.

I reckon the ones who shouted and moaned the loudest were the ones with the least to complain about. I bet they weren't even affected.

Shit happens. No-one died. Get over it. Some of the reactions about it on here have been laughable.

I think it is because some people are way over invested in mumsnet. What it should be used as is a timely reminder that you should never post anything online that you wouldn’t say in real life and if you really must then use a fake email etc etc etc. Nothing you post online is completely safe and never will be.

I was just annoyed because I couldn't log in for a couple of days on my phone.... I had to browse mumsnet without being able to post!
Mumsnet is better than a soap opera when you're sitting on the couch breastfeeding a baby for hours every day.

@catscratcherclub was this a MN thing?

The last time it happened when armed police turned up at a posters house because of the hack totally freaked me out though

lordvoldetort yup - it was a very strange feeling watching it being played out in front of you as the hacker was engaging / taunting people both on the site and on Twitter.

www.standard.co.uk/news/uk/armed-police-swoop-on-home-of-mumsnet-boss-after-fake-call-from-dad-hacker-a2916401.html

"The thing is though what are the chances of a user finding a person known to them in real life on MN then the ‘victim’ being one of 40 that had the data breach whilst also having revealing info so that the non victim could blackmail them? "

Doesn't that imply that everyone involved are benign MN users?

Have a look at a site like haveibeenpwned.com/

There are hackers hacking everywhere - the '40 users' could very literally be (in part), bots, hackers, etc.

it was an IT fuck up. It happens.

Quite a major fuck up, though. Logging in to an account and expecting it to connect to that account is the most basic of expectations, and I can't say I have much faith in MN's testing procedures if they did check for that. I have the impression it was just luck there haven't been more severe consequences, rather than the result of careful planning and extra precautions, but I could be misjudging them.

Part of my job involves publishing to a website. Doing that alone has shown me that once something is in the internet it is pretty bloody hard to get rid of it.

Google/bing/yahoo etc all those search engines cache the data unless you specifically request they don't and then it's only a request and not legally binding. To get that data removed is painful, and even when it's gone from a search engine you don't know it's not in another website already or on someone's personal computer.

For example with mumsnet... daily fail, reddit, daily mirror l, local news sites all pick up stories and re post with comments. Even after mumsnet hq may have removed the post for safety/legal reasons.

Hell even gchq monitor phone calls and text messages and email!

As someone said above. Don't put anything on mumsnet or on the internet in general (including private messaging sites like whatsapp) or even in texts that you wouldn't say to someone in real life face 2 face.

That does make it harder for the dv/rape/child abuse cases but one would hope that they have come here because they are already or on the verge of acting upon their trauma and therefore would be telling someone IRL anyway.

Like another pp mumsnet is a good source for basically having a natter and fun while you have your tits out feeding baby for the millionth time or sat in your pjs which you couldn't do with your friends in the coffee shop.

Logging in to an account and expecting it to connect to that account is the most basic of expectations, and I can't say I have much faith in MN's testing procedures if they did check for that.

Exactly my thought when I read my MN email @Ebearhug it all came across as amateurish. It would be interesting to know if their IT bods even have formalised test scripts.....