
3 social networking sites have been hacked and 8 million passwords published. So, I ask you MNHQ

32 replies

QuintessentialShadows · 07/06/2012 23:34

Are we safe?

Are you encrypting, are you salting and hashing, etc?

Are your algorithms up to scratch, and can you tango the hackers away?
Are we firewalled and ringfenced, or are we in a bell tent in a gale?

I would hate to see Justine make announcements such as LinkedIn and Eharmony, and Last.fm has had to do.....

Snorbs · 08/06/2012 09:45

At present your passwords are retrievable (by you) but we will change that over the next week or so to add another level of protection.

Sorry, are you really suggesting that it's possible for me to retrieve my password from mumsnet? Ie, not just a link to reset it, but to actually see what the password is?

Tech · 08/06/2012 09:49

Yes that is possible.

Snorbs · 08/06/2012 10:53

Yikes! So rather than simply using hashes, you're either using reversible encryption (not a good idea for passwords) or you're simply storing passwords in plaintext (really not a good idea for passwords).

Either way, that's an, um, brave design decision. Bordering on the courageous in fact.

Good luck with the "let's make sure we follow industry best practices for security" project!
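
An added example, not part of the thread and not Mumsnet's code: one way a site holding retrievable passwords could convert them to salted, slow hashes, after which a password can be checked at login but not shown back to anyone. The function names, the record format, the iteration count and the sample accounts are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password, salt=None):
    """Return a stored record: algorithm, cost, per-user salt, derived key."""
    salt = salt or os.urandom(16)  # a fresh random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"

def verify_password(password, record):
    """Re-derive the key from the candidate and compare in constant time."""
    _algo, iterations, salt_hex, key_hex = record.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))

def migrate(legacy_rows):
    """Replace each retrievable password with a salted hash record."""
    return {user: hash_password(pw) for user, pw in legacy_rows.items()}

# Constructed sample data: a legacy table that stores retrievable passwords.
LEGACY = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",  # same password as alice
}

if __name__ == "__main__":
    table = migrate(LEGACY)
    for user, record in table.items():
        print(user, record)  # records differ even though the passwords match
    print(verify_password("correct horse battery staple", table["alice"]))
    print(verify_password("wrong guess", table["alice"]))
```

After the migration the only account-recovery path is a reset link, because nothing in the stored record can be turned back into the password.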

tharsheblows · 08/06/2012 10:58

Snorbs, it's in your registration details.

Increasingly I rely on passphrases - am saying this so I can link to the xkcd comic here. You can make them so they're effectively unhackable by brute force methods.

QuintessentialShadows · 08/06/2012 11:17

For those of you using LinkedIn, scammers are now sending fake emails purporting to be from LinkedIn. Be careful before you click any linked in, scrutinize the email sender, etc.

LinkedIn released a statement saying they would send emails out to all the users whose security was breached, with instructions how to reset their passwords.

Surprise surprise, some people are now literally "flooded" by emails from LinkedIn, taking you to sites where you can buy viagra, etc. The problem of course is that when you click the links, you think "ah viagra, this was a spoof", but there might be a little script downloaded to your computer which will register your pc with a botnet. So, as always, be vigilant.

End of Customer Services Announcement.

Harr1etJ0nes · 08/06/2012 13:51

Where else has been hacked then?

QuintessentialShadows · 08/06/2012 15:20

Dating site eharmony and last.fm. Last.fm has said that they will NOT email out instructions, members should visit their blog for instructions.
