Due to a security breach we are resetting all passwords across Mumsnet

[RebeccaMumsnet]

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

When you say strongly recommend for other sites, do you mean strongly recommend or to be on the safeside recommend, i have lots of sites to change!! :(

Stressed nown - what sort of threat are we talking about here?

Yes, it worked for me. new password and I thought I'd have a name change too.
Bet you can't guess who I was.

now not nown

thanks Rebecca...have some and and

This thread didn't go pfft, so I've just done it, and it worked fine for me.

The thing about changing other passwords, even if they're not the same as your Mumsnet one, is that Heartbleed has potentially affected a hell of a lot of sites - it looks like someone just decided to have fun with the info they got from Mumsnet, which is actually lucky, because it means that MNHQ found out that their info has actually been compromised and they can do something about it. If someone has got info from another site you use, they may not be broadcasting the fact, they may just use it for something nasty.

@LEMmingaround

When you say strongly recommend for other sites, do you mean strongly recommend or to be on the safeside recommend, i have lots of sites to change!! :(

Stressed nown - what sort of threat are we talking about here?

Strongly recommend especially if you use the same password across lots of sites.

It is not just MN that has been 'exposed'. The advice from the media as a whole is to be extra vigilant and reset your passwords.

The info that was gathered was the info that is submitted via the login form which is the username, password and whether or not you ticked the 'keep me logged in' checkbox. They would only gain access to your other information if they subsequently logged in as you. If you reset your password to the same password as before your information won't be secure, so please make sure to use a new password.

I am confused. I tried to re-set, got the email and everything, changed it but then it wouldn't let me in saying password incorrect.

But I am in. I've tried shutting down MN but I can still post.

The email was signed off "the mumsnet team" rather than MNHQ... [suspicious]

I changed my password this afternoon. I've just used the reset link and entered that password and it worked

oh, fuck! i read the link - i dont have any banking online but dp does, so he should definately change passwords then because it said on the BBC link that there was some confusion about whether or not changing password would actually make things worse - can you comment on this?

LEM, I think the threat is worst where you have financial details stored. Most of the big sites like Amazon, and the banks have sorted any vulnerability and should be safe now. There lotys of stuff on heartbleed out there.

My issue is that I use a certain password for lots of non security conscious sites, but can't remember which sites. My big financial ones have discrete passwords though so I should be relatively safe.

Though if someone has my email address and date of birth and can hack things; is it possible that they can get password resets sent to a hacked version of my email address? God, this makes you think doesn't it?

LEM you definitely need change anything that might have had the same password as your MN account.

You also should change passwords for any sites that were vulnerable to the Heartbleed breach. But make sure they have made the necessary changes first.

I would prioritise any login that you definitely wouldn't want other people to have access to i.e. any site where if someone logged into your account they would have access to your bank/card details.

I've not been logged out on the iPad app.

I can't change my password, it tells me that my current one is incorrect

LEM

I'd concentrate on the sites where you're seriously exposed (eg money sites.) As I understand it, if the site is fixed, you can change your password. If it's not yet fixed, you run the risk of relaxing in a heap but having your new password known because the bad guys can still get into the system. That's the 'making things worse' as far as I know. (Athough if they've been at it (and that's a big 'if') for two years and are now going for a last ditch collect, they must be fair drowning in data which they won't find too easy to sort.

Thanks - will change my passwords, have told DP to change his banking passwords although he seems to think NATWEST is pretty safe, it can't hurt to be vigilant can it - trouble is, im so shite at remembering them.

Thanks for looking out for us MNHQ

How do you change your Outlook password?

Would they need your email address to hack you on FB? I use different email address's for various sites.

I changed this password around 8-10 p.m. last night -- should I change again?

My understanding is that if a site is attacked by heartbleed which mn was then the hacker could potentially log in as you on this site, get whatever details are on your profile and post as you .. like they did with Justtine.
The other problem is that once the hacker has your user name and password from here they could try the same user name and password on other sites and potentially log in as you on those sites too.. but if you log in with a completley different user name and password on other sites then its not an issue

Of course mn is not the only site attacked so each one that is attacked gives the hacker another user name and password you use that they can try on other sites..

so the only way to make sure no-one can login as you anywhere si to change all passwords

that said the threat has been out there for months and there hasnt been world wide hacking of everyones accts.. so ..

but well done mn for making sure our user name and pw cant be stolen from here

Someone on the other thread said banks are safer because they don't use the current OS without massively testing the security where others just update.
Anyone confirm that?

You can find out your registered email by

go to 'mymumsnet' top right next to the envelope for your inbox

Select 'my account'

Your email can then be seen and/ or edited and you enter your password if you've made a change.

You can usually change your password in this area too.

Is anyone else unable to reset their password?

I don't think you have any choice, Scout. I think they have removed all passwords that were current this afternoon, so you will need a new one to log in.