Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Site stuff

Join our Innovation Panel to try new features early and help make Mumsnet better.

See all MNHQ comments on this thread

Your passwords are vulnerable. Change them.

46 replies

Edw4rdSnowden · 12/04/2014 14:53

Dear Mumsnet

Your 'tech support' (ha) have taken you for a ride. This site's security response to the Heartbleed exposure ( heartbleed.com/ ) has been woeful and anyone with slightest know-how of OpenSSL has been able to grab the logging-in details of Mumsnet users (including administrators). I could post screencaps of the board where this geezer has been posting up how funny he is messing around with mumsnet but that's by the by.

This is especially dire news if you've been daft enough to use the same password for mumsnet as you had for your email addresses and amazon accounts etc.

Change all your passwords immediately, ESPECIALLY if your mumsnet password is one you foolishly use for other services.

Finally I urge you to reconsider whether this website and its administrators take your security seriously.

Your passwords are vulnerable. Change them.
OP posts:
cozietoesie · 12/04/2014 16:14

Change it in a week or two as well.

ballsballsballs · 12/04/2014 16:16

Fuxache.

firstchoice · 12/04/2014 16:16

should we change passwords for paypal etc?
(mine are not the same as for MN but, even so?)

are online banking / paypal ones okay, does any one know???

ItsAllGoingToBeFine · 12/04/2014 16:18

Some of you may or may not find this site reassuring:
www.pwnedlist.com/

It'll monitor lists of hacked accounts and see if your email address appears.

EatShitDerek · 12/04/2014 16:19

This reply has been deleted

Message withdrawn at poster's request.

yourlittlesecret · 12/04/2014 16:20

Not sure I want to put my email into a website about hacking.

cozietoesie · 12/04/2014 16:22

They say they're fine, firstchoice.

That's a fair point Derek. We should be reserving worry for sites where problems can seriously impact lives and not necessarily MN. (I'm sure that if you're found to have been hacked and someone starts to 'abuse random strangers' under your MN guise, MNHQ will treat it sympathetically. Wink)

EatShitDerek · 12/04/2014 16:25

This reply has been deleted

Message withdrawn at poster's request.

RandallFloyd · 12/04/2014 16:28

Oh I'm not particularly bothered about my MN being hacked.
All that would do is make me a bit more interesting for a while!

It was more for other things. I don't think I use the same email/password combo for anything else except ApprovedFood and MyFitnessPal so they're welcome to go nuts there too but I've changed it anyway. Mainly because Rebecca told me to!

PostmanPatAlwaysRingsTwice · 12/04/2014 16:28

yourlittlesecret no just change it to another new one when the bug is fixed. And don't change passwords for other sites to the same one!

Any site running the relevant version of OpenSSL is vulnerable so your data could be retrieved from various places. It's even more of a problem if you use the same password for more than one site as your password could be retrieved from one site then used in other ones to get into your accounts.

EatShitDerek · 12/04/2014 16:29

This reply has been deleted

Message withdrawn at poster's request.

RandallFloyd · 12/04/2014 16:30

If I'd hacked Justine's account I would be bitch plopping all over the shop Grin

cozietoesie · 12/04/2014 16:31

Out of interest, has one single instance of the vulnerability being used by bad guys been identified? (Just because someone has found out that it can be done doesn't mean that it actually has been done.)

EatShitDerek · 12/04/2014 16:31

This reply has been deleted

Message withdrawn at poster's request.

sillymillyb · 12/04/2014 16:32

Someone posted a website with a list of mumsnet usernames and passwords on the other thread. It's been taken down now but there was clearly identifiable posters on there.

RandallFloyd · 12/04/2014 16:32

Pinterest! I hadn't thought of that. Imagine what they could do with my vast collection of recipes I'll never make, sarcastic e cards, and texts from the dog Shock

cozietoesie · 12/04/2014 16:33

Sorry - that would be a 'reliable instance'. I'm sure there are people plopping data from various sources all over the web. Just for badness.

RandallFloyd · 12/04/2014 16:33
MrsWembley · 13/04/2014 22:14

Wha??? I was away? Wha's happ'ning? Who did wha'?

AmyMumsnet · 14/04/2014 10:48

Hi everyone,

We've responded to what's going on over here.

Apologies for all the inconvenience caused by changing passwords, but it's hopefully less inconvenient than someone using all of your hilar Pinterest memes for evil .

AmyMumsnet · 14/04/2014 10:49

Oh God, I can't even use strikethrough effectively. HQ powers are clearly squandered on me.

New posts on this thread. Refresh page
Swipe left for the next trending thread