Top Talk topics
Most popular
Meet the Other Phone. Protection built in.
Please create an account or log in to access all these features
Add post
Watch this thread
Save thread
Start a new thread
Hide thread
Hide shortcut buttons
cozietoesie · 10/04/2014 10:17
Without wanting to start a scare where the reality of the problem might be limited, are MNHQ recommending a change of password to users given that Mumsnet looks at the moment to be one of the sites classified as vulnerable?
RowanMumsnet · 10/04/2014 10:32
Hello - we do understand people's concerns about Heartbleed; we've asked Tech for their viewpoint and will post it up when we have it.
ShamTech · 10/04/2014 10:47
Hi all. Thanks for your concerns.
Firstly, we already applied the fix to our servers shortly after the news broke. You can check for yourselves at filippo.io/Heartbleed - just type mumsnet.com into the field and hit the button.
Secondly, due to the fact that user passwords on Mumsnet are not revealed, not even to the user of the account, there is no way for anyone who may have been able to masquerade as you using the Heartbleed bug, to find out what your password is. And because they need to know your password to change your password, they would also not have been able to lock you out of your own account.
We have no evidence whatsoever of anyone's account having been compromised at Mumsnet. From Tech's point of view, you should not need to change your password.
ShamTech · 11/04/2014 23:49
Thanks to all for your patience and for bringing all this to our attention. As can be seen, we are as vulnerable as any other site using password logins. Despite our best efforts, somebody clearly took advantage of the published vulnerability before we applied the fix earlier this week. As Keepithidden points out the damage was thankfully minor. And whilst we do encrypt passwords on our side, if you do use the same password for other sites, it would be prudent for you to change your password.
In the next few days we will be posting some useful information for protecting yourself on the internet. Until then, thanks again for everyone's help in uncovering this and bearing with us. We'll keep doing our best to respond to these threats as quickly as we can.
Tap "Watch" to get all the latest updates
There are no more MNHQ posts on this thread