Due to a security breach we are resetting all passwords across Mumsnet

[RebeccaMumsnet]

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

How long after clicking the link until I receive my password reset?

Just popping on to say I followed the link and reset with no probs.

And the thing that I learned today? That M&S make Honeycomb baileys, which sounds amazing

@HanSolo

MNHQ, please could you answer a question?

Our usernames and passwords have been published online, is that correct? But is that purely the current username, or all our old ones too?

We honestly don't know exactly what's out there and wouldn't want to give false reassurance. Sorry.

@Quinteszilla

How long after clicking the link until I receive my password reset?

It should come through fairly quickly.

Just going to post up here a list of things to check - apologies if you've already done so but this covers most of the bases we think:

If you've asked for a reset but got a blank message or a message asking you to confirm your email address, it sounds as though you didn't confirm your email address with us when you initially signed up to Mumsnet. (If this is the case you'll probably be posting on the app, or via Google or Facebook login, because otherwise people without confirmed email addresses can't post on the site.) Could you search your email for the mail from us that we would have sent when you first signed up, which contains a 'confirm email' link? Once you've confirmed your email address with us, please go through the password reset process again.

If you've received the link but are having trouble with it, try copying and pasting it directly into your browser - sometimes this works where clicking directly on the mail link doesn't.

If you've asked for several reset mails, it may be worth checking that you're definitely clicking on the most recently received one, as they expire after half an hour.

If you're not receiving the reset mail at all, it may be worth double-checking that the email address you're checking is the one that you used to sign up to Mumsnet, as that's the address we will be sending the reset mail to. If you realise that your registered MN address is one you can no longer access, do let us know.

It's also worth checking your spam folder as well.

If none of this works, it may just be the volume of people trying to reset passwords at the moment. Could you give it an hour and then ask for a fresh reset link?

eatyourveg the old passwords have been deleted, you just need to enter a new password.

I came on the ask the same question as eatyourveg. I'm still logged in though, which is a good thing.
:)

@eatyourveg

Trying to change the password on my account, type in my old password which I kept having to use to log in with yesterday but its now saying it doesn't recognise it! How can I change it if I don't know what it is to start with?

If you log out completely you'll be prompted to ask for a password reset link (without having to input your password)

Do we need to make the change even if we have changed the passwords after the security breach? I changed mine yesterday.

So, it's our Mnet nickname(s), internet password that might be published. Not our r/l name - is that right. Can the two be linked please?

If you're logged in, you can see whatever details are in the account profile - but they're pretty darned limited even so. There's far more out there on you on other and open systems.

I suppose if they had access to Justine's account that might have given them access to everything?

I think so Quinteszilla. As far as I know they've just removed all the passwords that were current after this afternoon's security issue. My old password was the one I changed to last night.

@Quinteszilla

Do we need to make the change even if we have changed the passwords after the security breach? I changed mine yesterday.

Yes, sorry - as of about 5pm every single user's password was wiped.

You can log in to your MN account via Facebook or Google (without changing your MN password) if you have accounts there (because those use your FB/Google passwords) - but of course best current advice is to change ALL your passwords, just as a word of warning...

I'm very confused
I didn't get the reset email at all and contacted MN via the contactus@mumsnet email address. Tried my old password and everything. Just received the generic email and haven't a clue if my email address is the one I registered with as it was over 8 years ago (as it's DS2's 8th birthday and I was def on an antenatal thread when he was a bump!)
Anyhow, I just got back in by pressing the "Log me in via Facebook" button, and voila - no password needed - straight in.. and slightly

I'm not going to be able to remember all these new passwords

It's bad enough I have to have 500 different passwords in work

I think I will look upon this as a game of Russian Roulette. I have waited 30 minutes for my email. If it does not arrive, then my MN days will be over the next time I am logged out. Will do me good.

Moln, I changed almost all of mine last weekend routinely. I could have cried when I saw that article on this earlier in the week.

@pepperrabbit

I'm very confused I didn't get the reset email at all and contacted MN via the contactus@mumsnet email address. Tried my old password and everything. Just received the generic email and haven't a clue if my email address is the one I registered with as it was over 8 years ago (as it's DS2's 8th birthday and I was def on an antenatal thread when he was a bump!) Anyhow, I just got back in by pressing the "Log me in via Facebook" button, and voila - no password needed - straight in.. and slightly

Yup, Google and Facebook log-in will get you around re-setting your Mumsnet password; we still know it's 'you' because the email address you used for signing up to Google or Facebook gets cross-checked with your registered MN email address.

The alarming thing here is that MN was apparently hacked before heartbleed went public. So someone knew about it and used it before the general public were alerted.

We only know MN was hacked because the hacker was kind enough to let us know. That at least one person was hacking before the vulnerability was general knowledge and was patched up means that other vulnerable sites like gmail and Facebook may have been hacked too, before the updates, and without us knowing about it. People need to change their MN password, but even those who use other passwords for other things need to be changing those too, not just those they use their mn password for.

Maryz It is all up to MNHQ!

But I dont WANT you mixed up in my Facebook!

My Facebook is all riot, with birthday celebrations of my friends cats tonight! I cant mix these two worlds!