Active discussions

Meet the Other Phone. Child-safe in minutes.

Meet the Other Phone.
Child-safe in minutes.

Buy now

Please or to access all these features

Talk

Back to thread
MNHQ

Due to a security breach we are resetting all passwords across Mumsnet

83 replies

RebeccaMumsnet · 12/04/2014 17:32

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

Go to post
MNHQ

KateSMumsnet · 12/04/2014 17:47

@AryaOfHouseSnark

So do we change now, or will you do it later Confused Sorry to be a thicko.

Not thick at all Arya - you need to do it now via this link

MNHQ

RebeccaMumsnet · 12/04/2014 17:51

@EatShitDerek

Can I type in the password I already have? I wont remember it if change it

Nope, please think of something new.
We also strongly recommend you change it for other sites too.

MNHQ

RebeccaMumsnet · 12/04/2014 17:52

@ThePearShapedToad

Seconded velma

Tell us something only MNHQ would know Grin

Bear
MNHQ

KateSMumsnet · 12/04/2014 17:54

@ThePearShapedToad

Seconded velma

Tell us something only MNHQ would know Grin

Bear Bear Bear

Think that says it all Wink

MNHQ

RebeccaMumsnet · 12/04/2014 17:54

@WorraLiberty

I'm confused

What time are you removing the passwords from your system and shall I click the link in the OP now and change?

Passwords have now been removed - so you won't be able to get back in until you have reset.

MNHQ

RebeccaMumsnet · 12/04/2014 17:56

@VelmaD

Stupid question, but how do we know this is you? And not hackers again, after they posed as Justine? (completely aware I am completely over panicking)

We are us

Defo MNHQ staff, Justine is Skiiing and we've been on the phone to her. I am working from home in sunny Bath and Kate and Tech are in Laaandaan. Lots of folks around the country all working for MN and we booted all admin out and we've all logged back in again just before all of this.

Don't make me post a selfie Wink

MNHQ

RebeccaMumsnet · 12/04/2014 17:58

@LackaDAISYcal

I logged out and got the reset message when I tried to log back in with my existing password.

I think that this thread needs to be at the top of the stickies, and in Big Shouty Capitals rather than tucked away in lower case at the bottom of them Not everyone goes through active convos or even reads stickies, so are you emailing users to ensure everyone sees it?

Also, what other information has slipped out? Registration details? email addresses, dates of birth and real life names?

What good will changing passwords do if the info is already out there?

We are working on the shouting and you will receive an email too.

IF they managed to copy passwords before we put the fix in place, then this will render the info they have obsolete for MN.

I will ask Tech re further info and see if he can pop over and post...

MNHQ

RebeccaMumsnet · 12/04/2014 18:02

tbh, we hold very very little info on MNetters as a whole. I have asked Tech to pop over.

MNHQ

RebeccaMumsnet · 12/04/2014 18:04

@BeerTricksPotter

It doesn't have to be the original email. It was sent to my new one, when I put that one in.

Does that mean it's still open to nefarious behaviour , or did it allow it because the new email address was on the system?

Mail in Beer, I'll take a look

MNHQ

RebeccaMumsnet · 12/04/2014 18:08

@LEMmingaround

When you say strongly recommend for other sites, do you mean strongly recommend or to be on the safeside recommend, i have lots of sites to change!! :(

Stressed nown - what sort of threat are we talking about here?

Strongly recommend especially if you use the same password across lots of sites.

It is not just MN that has been 'exposed'. The advice from the media as a whole is to be extra vigilant and reset your passwords.

MNHQ

ShamTech · 12/04/2014 18:09

The info that was gathered was the info that is submitted via the login form which is the username, password and whether or not you ticked the 'keep me logged in' checkbox. They would only gain access to your other information if they subsequently logged in as you. If you reset your password to the same password as before your information won't be secure, so please make sure to use a new password.

MNHQ

RowanMumsnet · 12/04/2014 18:44

Hello

You won't be forced out of a session - ie if you were already logged in and posting when the forced password reset occurred, you won't have been forcibly logged out. You will be forced to change your password next time you need to log in though.

We are sending a message to everyone on our database with the exception of those who've specifically asked to receive no email from us; that will go out soon, probably before the end of today.

MNHQ

RowanMumsnet · 12/04/2014 19:03

@StolenStollen

I've clicked the link and submitted my email but I haven't got an email from HQ yet. Do I try again or email hq?

Hello - are you checking the email address you used when you registered with MN?

If so, might be worth checking in the spam folder.

If that doesn't work, try asking for a new one - loads of people are re-setting at the moment so there may be a few glitches.

MNHQ

RowanMumsnet · 12/04/2014 19:35

Sorry all - obvs there are thousands of people changing passwords right now so there's a big load on the system. Plus (human error and all that) it may be that the password you set on the reset page isn't exactly the same as what you're trying to log in with.

So it may be you have to do the reset process more than once - not ideal we know but it's worth a try.

App users - unfortunately we're limited in what we can do on the app, particularly over a weekend - it's one reason we're making our own new one. App users will hopefully see the sticky - if not they will (so long as they haven't opted out of all email) be getting our mass email at some point later on today.

MNHQ

RowanMumsnet · 12/04/2014 19:39

@StolenStollen

HQ, I've emailed you on [email protected] email.

Thank you - we're afraid we're absolutely drowning in mail from people at the moment so it may be a while before we get back, but we'll be as quick as we can.

MNHQ

RowanMumsnet · 12/04/2014 19:41

@RandallFloyd

More Rowan?

About four pints please

MNHQ

RowanMumsnet · 12/04/2014 19:46

@LocalEditorMerton

Any value in posting thread across all the Local sites too HQ?

That's a good point but sadly it's not something we can easily do I don't think - we'll take a look

MNHQ

RowanMumsnet · 12/04/2014 19:56

@RandallFloyd

Just realised I only have virtual gin I'm afraid. If you want actual booze I have a bottle of cider and some honeycomb baileys

Do I look fussy?

Honeycomb Baileys, mmmmm

MNHQ

RowanMumsnet · 12/04/2014 20:00

@ItsAllGoingToBeFine

We are sending a message to everyone on our database with the exception of those who've specifically asked to receive no email from us; that will go out soon, probably before the end of today

TBH I think you should send to everybody, opt out or not.

If we do that and lots of people report us for deliberate spamming we could end up getting all our MNHQ emails to our users blacklisted, so it seemed best not to tbh - we're hoping any active users will see the stickies or hear other users talking about it. And of course eventually they'll be forced to reset their passwords anyway.

MNHQ

RowanMumsnet · 12/04/2014 20:01

@doobedoobedoo

Changed my password, but I tried to use a number of symbols in it such as $%@_#+ and I wasn't allowed to. I could only use letters and numbers.

Letters and numbers alone make for very weak passwords. Upper & lower case help (assuming MN software recognises the difference? - I haven't tested that out), but they are still weak if people use real words.

Any chance that Tech could do something to allow other characters in passwords?

Pretty sure you can use special characters because I did - did it explicitly tell you you couldn't?

MNHQ

RowanMumsnet · 12/04/2014 20:05

@Maryz

Don't go pm'ing links to people.

There was a very short list of names and passwords which was online for about 20 minutes. It was found by googling, so anyone who is worried (and I only recognised one name on the list, who isn't on this thread) should google.

Rowan - I know MNHQ have that link (it was a post withdrawn on the other thread, but I'm sure you have it) - maybe email those dozen or so names directly rather than people pm'ing each other.

Yes, we're on it

MNHQ

RowanMumsnet · 12/04/2014 20:11

Those being told you can't use special characters - what devices/OSs/browsers are you using? Just seeing if we can spot a pattern.

MNHQ

RowanMumsnet · 12/04/2014 20:13

@SheherazadeSchadenfreude

I am confused. I changed my password last night - do I need to change it again? And it wouldn't let me log in using this username. I tried using another one I've used recently, that didn't work either, but an older name did?

If you log out, and then try to log back in, you'll be forced to change password again - sorry

MNHQ

RowanMumsnet · 12/04/2014 20:34

@Lucked

Sorry HQ I am not getting this to works.

When I click on link in email it says link expired despite being within 5 mins of requesting it.

Sorry, a few people are saying this - it may just be sheer load on the system so we're advising people to wait an hour or so and then request a fresh link. Apologies

MNHQ

RowanMumsnet · 12/04/2014 20:35

@Sirzy

I don't have access to the email address I registered with anymore (well I can't remember the password or it!) does that mean I need to set up a new account or can i somehow change the email it is linked to?

If you email [email protected] we will take a look, but given the volume of mail we're getting tonight it may not be as quick as response as we would ideally like - sorry. Obvs if we're going to manually change people's email addresses we want to be sure we're definitely dealing with the genuine account holder so it will take some back-and-forth and checking and we may not be able to do it all tonight.

Watch this thread for updates

Tap "Watch" to get all the latest updates