Active discussions

Meet the Other Phone. Child-safe in minutes.

Meet the Other Phone.
Child-safe in minutes.

Buy now

Please or to access all these features

Talk

Back to thread
MNHQ

Due to a security breach we are resetting all passwords across Mumsnet

83 replies

RebeccaMumsnet · 12/04/2014 17:32

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

Go to post
MNHQ

RowanMumsnet · 12/04/2014 20:53

@ItsAllGoingToBeFine

If you use login with google/login with Facebook do you need to change your google/Facebook passwords too?

We'll try to find out for sure, but tbh the current best advice is to change everything

MNHQ

RowanMumsnet · 12/04/2014 20:57

@SwedishEdith

Ok, I changed password when I logged on at about 17.30- 18:00?? this evening (all as per the instructions and via the mn email link etc) Then I got another email again about an hour later from mn. Is this just a precaution that's been sent to everyone or....??

Sorry, this isn't deliberate - it did the same thing to me!

MNHQ

RowanMumsnet · 12/04/2014 21:00

@firstchoice

hmm. have tried twice. firstly got 'page not available'. now not got an email to my email addy re password re-set.

so do ALL passwords on all site (ie personal banking / paypal etc) need re-setting????

Apologies and please keep trying - it's being a bit glitchy because of the sheer numbers doing it. (Assuming that the email address you're checking is definitely the one that's registered with us?)

MNHQ

RowanMumsnet · 12/04/2014 21:08

@Maryz

Poor Rowan.

She is missing BGT.

Actually lucky Rowan Grin

Nooo it's worse than that, I'd promised DS1 a trip to Pizza Express somewhere posh for dinner and now he's looking at me like Hmm while playing on the Xbox

MNHQ

RowanMumsnet · 12/04/2014 21:14

Aw don't worry, we get looked after Grin

MNHQ

RowanMumsnet · 12/04/2014 21:17

@trace2

We need to know if mumsnet has been patched because if not then the new password will be as vulnerable as the one it replaces.

Yes we did the patch last week trace2 - our best guess is that the breach occurred before then

MNHQ

RowanMumsnet · 12/04/2014 21:19

@InspirationFailed

I can't change my password.

I clicked the link to reset

Change the password

Try to log in and get the 'unverified account' message and it tells me to click a link in the confirmation email.

But there is no link in it, so I click to resend the confirmation email and get this message (on the photo)

I'm assuming I'm logged in now under my old password (I clicked to log in with google and it logged me in without me having to put any password in)

Hmm that's odd - anyone else finding that the Google log-in is allowing you to circumvent the password reset?

Sorry Inspiration, your photo didn't upload

MNHQ

RowanMumsnet · 12/04/2014 21:20

sorry x-post Inspiration - can you email in to [email protected]?

MNHQ

RowanMumsnet · 12/04/2014 21:26

Ah we've just had a sudden rush of emails saying the password reset mail either isn't arriving or is blank when it does arrive - we're getting Tech to take a look now.

MNHQ

RowanMumsnet · 12/04/2014 21:32

Inspiration, are you posting using the app?

MNHQ

RowanMumsnet · 12/04/2014 21:55

@InspirationFailed

I'm posting using the mobile site, I logged out and tried to log in again and the only way I can do it is to go via google. It hasn't asked me for any password at all. I've emailed.

We've replied to you now Inspiration

MNHQ

RowanMumsnet · 12/04/2014 22:03

@HanSolo

MNHQ, please could you answer a question?

Our usernames and passwords have been published online, is that correct? But is that purely the current username, or all our old ones too?

We honestly don't know exactly what's out there and wouldn't want to give false reassurance. Sorry.

MNHQ

RowanMumsnet · 12/04/2014 22:07

@Quinteszilla

How long after clicking the link until I receive my password reset?

It should come through fairly quickly.

Just going to post up here a list of things to check - apologies if you've already done so but this covers most of the bases we think:

If you've asked for a reset but got a blank message or a message asking you to confirm your email address, it sounds as though you didn't confirm your email address with us when you initially signed up to Mumsnet. (If this is the case you'll probably be posting on the app, or via Google or Facebook login, because otherwise people without confirmed email addresses can't post on the site.) Could you search your email for the mail from us that we would have sent when you first signed up, which contains a 'confirm email' link? Once you've confirmed your email address with us, please go through the password reset process again.

If you've received the link but are having trouble with it, try copying and pasting it directly into your browser - sometimes this works where clicking directly on the mail link doesn't.

If you've asked for several reset mails, it may be worth checking that you're definitely clicking on the most recently received one, as they expire after half an hour.

If you're not receiving the reset mail at all, it may be worth double-checking that the email address you're checking is the one that you used to sign up to Mumsnet, as that's the address we will be sending the reset mail to. If you realise that your registered MN address is one you can no longer access, do let us know.

It's also worth checking your spam folder as well.

If none of this works, it may just be the volume of people trying to reset passwords at the moment. Could you give it an hour and then ask for a fresh reset link?

MNHQ

RowanMumsnet · 12/04/2014 22:08

@eatyourveg

Trying to change the password on my account, type in my old password which I kept having to use to log in with yesterday but its now saying it doesn't recognise it! Confused How can I change it if I don't know what it is to start with?

If you log out completely you'll be prompted to ask for a password reset link (without having to input your password)

MNHQ

RowanMumsnet · 12/04/2014 22:21

@Quinteszilla

Do we need to make the change even if we have changed the passwords after the security breach? I changed mine yesterday.

Yes, sorry - as of about 5pm every single user's password was wiped.

You can log in to your MN account via Facebook or Google (without changing your MN password) if you have accounts there (because those use your FB/Google passwords) - but of course best current advice is to change ALL your passwords, just as a word of warning...

MNHQ

RowanMumsnet · 12/04/2014 22:31

@pepperrabbit

I'm very confused Sad I didn't get the reset email at all and contacted MN via the contactus@mumsnet email address. Tried my old password and everything. Just received the generic email and haven't a clue if my email address is the one I registered with as it was over 8 years ago (as it's DS2's 8th birthday and I was def on an antenatal thread when he was a bump!) Anyhow, I just got back in by pressing the "Log me in via Facebook" button, and voila - no password needed - straight in.. Confused and slightly Shock

Yup, Google and Facebook log-in will get you around re-setting your Mumsnet password; we still know it's 'you' because the email address you used for signing up to Google or Facebook gets cross-checked with your registered MN email address.

MNHQ

RowanMumsnet · 12/04/2014 22:41

@Maryz

Bump Quint up to the top of the "posters who need a reply queue will you?

[ingratiating Smile]

We honestly don't know why the reset emails aren't getting through!

MNHQ

RowanMumsnet · 12/04/2014 22:43

Sorry, that wasn't meant to sound as defensive/short as it did Wine

We don't have a way of manually ensuring that the reset email gets through. If you see what we mean...

MNHQ

RowanMumsnet · 12/04/2014 22:59

@Friedbrain

I have no.idea...??????

MNHQ????

My name wasn't anything like.this.before...

I do feel like my brain is fried tho :)

Nothing in.history.... Shock

You've set up an entirely new account, it seems! If you want to mail in to [email protected] letting us know who you used to be we'll try to sort it out for you (but to be honest it may take us a day or so)

MNHQ

RowanMumsnet · 12/04/2014 23:03

@BiscuitCrumb

I requested a password change and nothing... Not in spam either.

I'm now worried Rebecca's OP is a hack and we are all entering email addresses and clicking on links and exposing ourselves more? - paranoid moi?!?!

Sorry you're having trouble Biscuit - here's our exciting, ever-evolving list of things to double-check:

*

If you signed up via Google or Facebook, there's no immediate need for you to change your password on Mumsnet - you can just carry on signing in via Google and Facebook. Best advice at the moment is to change all passwords for all services, but that's entirely up to you. Right now you won't be able to change your Mumsnet password because users who signed up via these methods didn't have their email addresses 'confirmed', and without a confirmed email address the reset password email won't reach you. The short version being - please carry on using Google or Facebook to log in and don't worry for now about changing your MN password.

If you've asked for a reset but got a blank message or a message asking you to confirm your email address, it sounds as though you didn't confirm your email address with us when you initially signed up to Mumsnet. (If this is the case you'll probably be posting on the app, or via Google or Facebook login, because otherwise people without confirmed email addresses can't post on the main site.) Could you search your email for the mail from us that we would have sent when you first signed up, which contains a 'confirm email' link? Once you've confirmed your email address with us, please go through the password reset process again.

If you've received the link but are having trouble with it, try copying and pasting it directly into your browser - sometimes this works where clicking directly on the mail link doesn't.

If you've asked for several reset mails, it may be worth checking that you're definitely clicking on the most recently received one, as they expire after half an hour.

If this still doesn't work, it may just be the volume of people trying to reset passwords at the moment. Could you give it an hour and then ask for a fresh reset link?

If you're not receiving the reset mail at all, it may be worth double-checking that the email address you're checking is the one that you used to sign up to Mumsnet, as that's the address we will be sending the reset mail to. If you realise that your registered MN address is one you can no longer access, do let us know.

MNHQ

RowanMumsnet · 12/04/2014 23:05

@Friedbrain

How did I manage that?

I only requested a new password?

If I set up a whole new.account (don't know how tho) how did it just choose a name for me???

In all honesty we've got no idea. People who register without choosing names do get assigned a random username, but it's usually a fairly incomprehensible string of letters and numbers...

MNHQ

RowanMumsnet · 12/04/2014 23:11

We will try to get to the bottom of it, although in all honesty it's probably not going to happen tonight... sorry

FWIW we've had a couple of mails saying Hotmail and Yahoo mail both seem to be struggling tonight (with their own issues) - so it's possible that some of these non-receipt issues are to do with your email providers rather than us. But we'll try to work it out.

MNHQ

RebeccaMumsnet · 13/04/2014 10:47

Morning y'all,

Apologies to those waiting for a reply to an email, we are ploughing through the squillions of mails but it will take us some time to reply to them all.

MNHQ

RowanMumsnet · 13/04/2014 11:05

@CoteDAzur

I'm curious about what kind of personal data was at risk here (except MN passwords, which no hacker cares about, I'd imagine).

Does MNHQ store any personal data about MNers?

For example, are Secret Santa recipients' home addresses stored in MN servers under their MN nicknames along with their real names?

No Cote, Secret Santa stuff is in an entirely different spreadsheet.

MNHQ

RebeccaMumsnet · 13/04/2014 11:11

@CoteDAzur

I'm curious about what kind of personal data was at risk here (except MN passwords, which no hacker cares about, I'd imagine).

Does MNHQ store any personal data about MNers?

For example, are Secret Santa recipients' home addresses stored in MN servers under their MN nicknames along with their real names?

Tech posted here about it. They would have only seen NN and password but could've seen other info if they had gone to the trouble of logging into MN as you.

The addresses for the appeal are not in the same area at all and we have no reason to believe that these have or could be accessed.

Watch this thread for updates

Tap "Watch" to get all the latest updates