Stay Safe on Mumsnet

[MumOf4Monster]

Delete your account.
Get a proton.mail account
Don't like it to any other email address of phone number.
Rejoin Mumsnet using this email.
Have a username you don't use anywhere else.
Don't put any real information into the profile or account set up.

Is that better than Hotmail etc?

Why? What's going on?

They are leaking email addresses when comments are reported.

I've never quite understood the paranoia over email addresses.
What dreadful things can happen if someone gets your email address? You might get a bit of spam mail, but how terrible is that? You're not giving out your bank account details and pin number.
I'm sure someone will be along soon to enlighten me.

Some people have their actual names on their email address, don’t they? Eg [email protected].

it’s meant to be an anonymous forum so no I don’t want to giving out personal info like sweets.

Mumsnet IT is the absolute pits, have no idea what they spend their money on.

I can’t seem to access my email account, it says some they’ve detected ‘unusual activity’ on my account. I only use it for mumsnet and only recently signed up with it, after deleting my other account due to the same issue. What’s going on? Will it be due to someone trying to access my email account after being sent given the address?

Who are ‘they’? To whom are ‘they’ leaking, and why?

Please explain properly.

Well no, I mean, someone could do something quite malicious if they had a mind to. I don’t have a mind to, I hasten to add, but knowing someone’s real identify and linking it to MN could be problematic.

If that account is linked to any other site, it could lead to fraud or identity theft if someone were able to build a profile of the user with publicly available information. E-mail is not typically encrypted either, which can lead to possible interception or other phishing attacks.

Basically, the last decade or so of social media is gift that the security services could only have dreamed of years ago. Why try and wiretap people when they will voluntarily share literally everything about themselves online publicly? The NSA and GCHQ missed a trick.

But yes, also the criminals that would love to access such info too.

Who,are,they leaking the email addresses too?

Quite sinister

There was an error of processing, that occurred sometime over the weekend, whereby if you reported a post then you received a response email from MNHQ to tell you they’d received your report. In that email from MNHQ they included the full email address of the person you reported. Some of those email addresses would have the posters real name I. Them as PP said. Anyone maliciously reporting posts (for whatever reason) now potentially has enough information to find the person they reported in real life.

@PlanetNormal what happened was that for an unspecified period of time whenever someone reported a post they got that user's email address in the reply from MN. So if for instance if I had reported your post I would have got hold of your email address.

Doesn't have to be anyone in particular. If the information is found in a data leak on the web, anyone can do with that information as they wish. That's leverage, just like if one website has a mass password database leaked that isn't salted hashed (cryptography terms) which means it's very easy to see what the passwords are and, potentially, compromise accounts linked to that e-mail on other sites if you happen to be dumb/lazy enough to reuse the same passwords.

It's almost a parody in INFOSEC circles to see someone use "password123" as their sole password for any site they use. Then it gets leaked (or a hacker with two brain cells figures it out) and they lose their e-mail, their bank account, their social media etc.

I just checked my emails as I reported a troll over the last couple of days. I can see the email address of the person I reported

@DentonsFringeArnottsWaistcoat @JaneJeffer

Thank you both. Much appreciated.

Hopefully they have sorted this out, it is worrying

So what with the new site and now this data breach I can only assume that MN HQ haven’t used actual IT experts to deal with their technical needs. Because no reputable company can be this incompetent.

Massive breach of GDPR. Mumsnet could be in for a big fine over this.

That is worrying. I mean, I sincerely doubt anyone would post on Mumsnet if they knew their details might be provided to other posters, never mind someone who has an axe to grind with them.

Pretty sure they have disabled reporting. Can anyone else report?

Yes, I have a name associated with my email address.
Someone could link it to all my posts, but where is the problem there? That's assuming that anyone has the time or inclination to do it. How will it benefit them?
It's a bit like being uptight because the postman knows your address.
I don't actually care who reads my posts.

You say that, but everyone from Google to major banks have had things like this happen. The humans can be the weakest link here, which is why you need to be vigilant too, since if a reputable company fucks this, any old random website could potentially be a massive liability to someone who isn't careful with what they post or how they go about using passwords.

Anything on the Internet is written in permanent ink and will never disappear. I pity the kids growing up now where the web is a massive part of their lives daily because this security and privacy nightmare is now much more prevalent.

Yes, I've always used a "Mumsnet only" email address with no identifying information, and haven't given my details. I'll always slightly tweak any potentially identifying information in posts too. I'm not malicious and wouldn't do anything with the information, but I have seen posts that make it so easy to find out who the poster really is, it is worrying given the amount of people out there who would use it for the wrong reasons.

Tangentially, I tracked someone down today. I post as a warning to others.

Nothing to do with mumsnet they were someone who posts on another discussion forum website. No clever techy stuff involved.

The person I wanted to track down posts anonymously. I knew their username and that they are a woman from posts they made.

I found one thread about a forum meet-up she went on. There were photos on the thread and one of the group photos included her and only included one woman, so I knew what she looks like. I found a for sale thread and looked at the photos on it, and clicked on and was linked to a photo hosting site with a real name. The for sale thread also made clear which specific part of which part of the country she lives. Then I found another thread where she helpfully offered to post something on a facebook group for someone. Very quickly found the facebook group and then found her - the one person in the group with her name.

OK, so I don't know everything, but basically roughly where she lives, photo and facebook profile within about 10 or 15 minutes. [As an aside I want to contact her to express my support and I cannot contact her via the website I saw her post on... but I'm not sure a message of support that sounds a bit stalker-ish is a good idea!]

Stay careful out there.

It's almost a parody in INFOSEC circles to see someone use "password123" as their sole password for any site they use. Then it gets leaked (or a hacker with two brain cells figures it out) and they lose their e-mail, their bank account, their social media etc.

The only information I want kept secret is my bank account. My bank has multiple security barriers, so just knowing my email address wouldn't be enough to get into my account.