Due to a security breach we are resetting all passwords across Mumsnet

[RebeccaMumsnet]

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

I have squillions of passwords.
I will be at this all week day

I've lost my username that I have had for 2 years I definitely only ever used 1 email. There was a username that I definitely do not remember picking.

I heard that the latest advice was to NOT change passwords as the hackers 'know' people now, or something and a changing passwprd would flag up on their systems...

Morning y'all,

Apologies to those waiting for a reply to an email, we are ploughing through the squillions of mails but it will take us some time to reply to them all.

NOTWITHOUTMYBLANKEY

So I'm not the only one!

Eden that sounds like something a hacker would say.

If websites are still vulnerable you shouldn't change your password, or change it, then change it again once it has been fixed, because someone might be listening in on your password change.

But if the website has been fixed, absolutely change your password. Who knows if it was stolen before the fix was implemented?

I'm curious about what kind of personal data was at risk here (except MN passwords, which no hacker cares about, I'd imagine).

Does MNHQ store any personal data about MNers?

For example, are Secret Santa recipients' home addresses stored in MN servers under their MN nicknames along with their real names?

That sounds like bad advice. I don't think this leak works like that.

noble is right your password should only be compromised if you change before a site has applied the fix, because they can just ask the server for your new one. But that shouldn't stop you changing it. You just need to remember to change it again once the site has been fixed.

@CoteDAzur

I'm curious about what kind of personal data was at risk here (except MN passwords, which no hacker cares about, I'd imagine).

Does MNHQ store any personal data about MNers?

For example, are Secret Santa recipients' home addresses stored in MN servers under their MN nicknames along with their real names?

No Cote, Secret Santa stuff is in an entirely different spreadsheet.

So no personal data about MNers is ever kept by MNHQ and hence no personal data was at risk with this security breach?

@CoteDAzur

I'm curious about what kind of personal data was at risk here (except MN passwords, which no hacker cares about, I'd imagine).

Does MNHQ store any personal data about MNers?

For example, are Secret Santa recipients' home addresses stored in MN servers under their MN nicknames along with their real names?

Tech posted here about it. They would have only seen NN and password but could've seen other info if they had gone to the trouble of logging into MN as you.

The addresses for the appeal are not in the same area at all and we have no reason to believe that these have or could be accessed.

OK, thanks.

Ooo a special RED sticky title.

MNHQ

I'm not the only one with a random name change!

Iv come across 4 different people looking at.other threads this morning!

Can I just change my password without waiting for the email?

Whenever i'm using a namechange (such as now) if i log in, i use my email to log in. If they could see everything entered on the log in screen, does that mean they have my email, and therefore my real name too?

@Friedbrain

MNHQ

I'm not the only one with a random name change!

Iv come across 4 different people looking at.other threads this morning!

I'll PM you - hang fire...

That is not quite true, as I got the link to the site that had the info, and they went in before bleeding heart was made public and posted stuff like this? They probably have much more than what was posted. I removed some info, they did have our emails, nn's and passwords.

Tue Apr 8 23:57:42 2014,username=.hansenltd%40gmail.com&password=sp1ck

I haven't reset my password yet but am now online??

I was waiting for the email (received two late last night a few hours after I sent off links and was too late to reset password as not within 30 min). Sent off another one this morning for a reset, but not received email and haven't been logged on all morning.

I've just come on thread to see if I can work out what's going on and I'm now logged back in, but I haven't logged myself in. Is this bad?

Thanks cider. Yes, I will have to write them all down somewhere for the time being.

I reset my password last night on both the main site and the mobile site but have just received an email about changing passwords. Does this mean I have to do it again?

I don't have the same email address that I signed up with but I haven't been signed out either. I only ever post from my iPhone and iPad. What should I do?

@TheWoollybacksWife

I reset my password last night on both the main site and the mobile site but have just received an email about changing passwords. Does this mean I have to do it again?

No, you should be fine

@Llareggub

I don't have the same email address that I signed up with but I haven't been signed out either. I only ever post from my iPhone and iPad. What should I do?

For now, just don't log out! You can email us at [email protected] asking us to update your email address - please try to include something only you and we would know about you (eg postcode if you ever gave that to us) so that we cn verify you're the genuine account holder - we don't want to reassign people's email addresses willy-nilly

Changed mine - pressed link just now, got email within 30seconds and all seems to be ok with my username too :-)

I have changed my PayPal and amazon just in case. They weren't the same password, but similar. They are all now different. And I have forgotten them all :-(