Due to a security breach we are resetting all passwords across Mumsnet

[RebeccaMumsnet]

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

Costa, who knows how many usernames and passwords are now public knowledge.
So what should mumsnet do? suggest that people might like to change their password, have a lot of people not bother, then have troublemakers out there with a stash of established accounts that they can log in with and cause havoc with for years to come?

So you get a bunch of people every so often finding their account has posted racist bile or trolling or whatever and dealing with the fallout.
People who troll and get rightly banned then claiming it wasn't them, it was the hackers?

It would just drag on and on. This is a one-off solution to the problem.

And apart from that, having to change MN password is a good wake-up call to those who are less security conscious or who haven't quite grasped how vulnerable they are online at the moment because of heartbleed.

what happened with me?! I tried to request and rechange my password twice but it didn't work!

given them a few days to do it

And what would have happened in that few days? There are wind-up merchants out there who would have happily descended on MN over the weekend logging in as established posters and causing no end of mess. If you think changing your password was a hassle, try defending yourself against a load of pissy actions that your account was used for. Someone rifling through your PMs and sending all your mates 'you're a twat' type messages.

And then multiply that by a tonne of posters.

MN had no choice.

I changed my password a few days before your resetting. Do I need to change it again now?

I am happy HQ did what they did. (I have a tiny little feeling they should have done it sooner but hey ho)

Some of us take our anonymity on here very seriously (for various reasons) and if that was compromised (through no fault of my own) I would not be at all impressed.

fab, yes I think you do

Any - I'm happy they did what they did (and I swear I was good beforehand) but it makes one feel a bit policed.

having said that a friend of mine recently joined MN because "I was on there" and I was sort of in case she saw my user name and then threads etc... paranoia!

Bump

I had to change my Pinterest password too and lost all my fucking pins (over a thousand).

now if I could just remember all of them....

Bummer, took me ages to think of one and I can't remember them sometimes. Hence same one for everything until I realised that was stupid.

Now I am confused and frustrated. Asked for password reset email. I can only log in with my old password . What has the point of that? I have already tried to change my password the usual way and it wouldn't accept that either.

Oh really Zing? How very annoying.

You lost all your pins

I would not be happy either!

I do remember one quote though

"Just chuck it in the fuck it bucket and move on"

I've changed my password on my tablet but not on my phone.

I'm posting this from my phone as I haven't needed to re enter any passwords.

If you log out on the phone you'd need to use the new password. It's the same account on both devices.

ok, I'm totally off the thread, but I searched my name in "People" on Pinterest and find myself and the pins I thought I lost!

I don't know how to actually incorporate them into my new "account" so for now I'm following myself.

How marvellously narc

Seriously though, I'm very relieved you found them. I came out in a cold sweat for you!

Anyone seriously concerned about their posts and identity would automatically be changing passwords, I would have thought, but to force everyone to do so is heavy handed. We don't know what, if any, security breaches there have been so it all seems a bit hysterical to me

We don't know what, if any, security breaches there have been so it all seems a bit hysterical to me

All the usernames and passwords were posted on a website.
People were signing in as MNHQ member(s).

We do know that there have been at least two security breaches. The guy who got Justine and a load of other posters passwords but had the decency to tell us about it, and the guy who publicly posted a different list of usernames and passwords for MN on the internet.

Changing all passwords was the only reasonable response.

costa

sorry, but bollocks to that.

HQ did the right thing. it takes 3 mins to change a password and all is good.

Sorry, what I mean is should I still be able to post still using the old password?