Hackergate thread part three - PLEASE read

[TheOnlyOliviaMumsnet]

Hi all,

This thread is about to max out please continue here and we will update with info as an when we have it.

We will get to all emails and reports but it may take some time Huge apologies.

Here is Justine's OP from the previous thread:

On the night of Tuesday 11 August, Mumsnet came under attack from what's known as a denial of service (DDoS) attack. Our servers were bombarded with requests, which required our internet service provider to massively increase server capacity to cope. We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets "Now is the start of something wonderful", "RIP Mumsnet", "Nothing will be normal anymore" and "Our DDoS attacks are keeping you offline".

To add to the 'fun', it seems @DadSecurity also resorted to Swatting attacks. Swatting is a criminal practice in which someone makes an emergency call to the police claiming that a crime is taking place at the house of the intended victim, in order to get them to send a swat team to the address.

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to "prepare to be swatted by the best" in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses. The police are investigating both instances.

@DadSecurity also claimed that he had access to Mumsnet user data. Later on 12 August, it became apparent that someone/ones had hacked into some of Mumsnet's administrative functions, at which point they were able to redirect our homepage to the @DadSecurity Twitter profile page, as well as to edit posts from two users' account and an MNHQ account on our forums.

Someone claiming to be the hacker also posted on the thread on which users were discussing the site outage. We immediately locked down all access to our admin functions and reported the attack to the police. We were confident that users' passwords had not been accessed, because MNHQ doesn't hold them as plain text; they're all encrypted, so that no one - not even us - can see them.

However, over the weekend, a user reported that posts had been made under her name which weren't by her, and we spotted two other cases where this had happened. This clearly suggested that the hacker had nonetheless been able to get hold of some users' passwords.

Our best guess at this stage (and it is just a best guess) is that this has been done via a form of phishing, in which the hacker creates a fake Mumsnet login page to which users are directed when clicking on our login button. The page would have had a different url but otherwise would look just like the usual page. The hacker would have been able to see passwords in plain text when they were typed in.

We take great care to protect the information you give us and not to ask for or store any more information than we need to run the site, but though we can't know how many accounts have been affected, there have been enough breaches for us to ask all Mumsnet users to change their passwords. As a result, you'll no longer be able to log in to Mumsnet with your current password, and will need to create a new one, here.

This will mean that any passwords the hacker has been able to harvest up to this point will be useless. We are looking into what we can do to strengthen our defences against phishing, but in the meantime we need to ask you to be vigilant, and to check the URL of the login page for the foreseeable future. The correct URL is www.mumsnet.com/session/login and it reads rather than at the beginning. We will place a warning on the login page reminding you to do this.

Alternatively use the social login option (ie Facebook/Google) as then you won't be required to enter a password. And if you log into any other sites using the same password that you use on Mumsnet, it makes sense to change your password on those sites, too.

We're really sorry for the alarm and inconvenience this might cause, and we realise you're likely to have further questions about what's been happening, so here's a summary of answers to the most obvious questions.

You say the hacker was able to access Mumsnet users' data: was data from my personal account accessed?
We have no way of knowing how many Mumsnetters were affected - so far we have evidence of 11 user accounts being hacked but it's an ongoing investigation. Those users have been informed, and their passwords have been reset. We think it prudent, however, that everyone reset their passwords - which in any case is a sensible thing to do from time to time.

What data could the hacker see?
By using your password and login, he would have been able to see the data on your profile - so that includes your username or email plus your password, your postcode if you've supplied it, your username history and your Mumsnet inbox.

Now that I've changed my password, can you guarantee that my data is safe?
Unfortunately, we can't give you a cast-iron guarantee of this - no site can. By forcing a password reset the hacker won't be able to log in as you; however, if phishing was the cause, the page could be phished again, which is why it's important that you check the URL of the login page when you enter your details, or use your social login. If the URL is anything other than www.mumsnet.com/session/login, don't use it.

Final thoughts
The internet is of course brilliant, but it's not 100% safe and secure. Whenever you share anything on the web, either publicly (such as on a Mumsnet thread) or privately (such as the data you give to a website when signing up), have a think about how happy you'd be for that information to fall into the hands of someone else. Make your passwords as secure as possible and change them every few months. Use different passwords for different accounts. Close redundant accounts that you no longer use.

And if you read nothing else...
I do realise this post is long, so here's a quick summary:

DO reset your Mumsnet password
DO make passwords really strong to reduce the risk of them being guessed
DO check the URL of any login page to reduce risk of phishing
DO verify that is being used on login pages
DO use social login to avoid typing passwords
DON'T give out information to any organisations without verifying they are who they say they are (such as the fake @mumsnetsupport twitter account that had also been started but has now been removed by Twitter)

Please post here or mail us on [email protected] with any questions or thoughts. As you can imagine our inbox is fairly voluminous at the moment but we'll get back to you as quickly as we can.

Thanks very much for reading,

Justine

Well, I've done several password changes today, have changed username (shame, was fond of the old one), and cleared my account so nothing personal is now showing.

I also changed email address to a new email that's not being used for anything else, and changed multiple passwords across various websites to random stuff.

I took advantage that my laptop is touchscreen and used the onscreen keyboard facility when inputting passwords. I reckon others could do this using the cursor to click, might get round any keylogging stuff.

Jeff is one sad little man, who has this much free time?

Here we go again, its like groundhog day from 2014.

Clearly nothing has changed since the last time this happened.

But thats ok, the ad revenue keeps flowing in and "lessons will be learnt" etc etc

As for the OP and the excuses, you might be surprised to learn that some of the account holders actually have a vague idea how this stuff works and can see through the fud, its pretty clear that when it comes to security you really are letting the monkey fly the aeroplane.

Really pissed off now.

Please log us all out so we can set a new password.

Like the name change?

Has anyone had email confirmations of passwords changed today? I did yesterday but not today. Paranoid now!

My name was not on the list.

RasberryOverload I have been logging on only on my iphone recently. I wonder if the touchscreen has made the difference re: recording keystrokes.

Mintjulip your not on the list.

I remember the hacker guy. He was a knob and a half. If I've got the right one.

loopy

thanks you

I have tried changing my e mail but it hasn't changed its still coming to my normal e mail

And I just went to log in online (instead of the app) and it didn't log me in, does that mean the fukker got my password etc?

What was being said? (Don't want to click the link!)

Jeffrey was just saying that he finally did it, other posters congratulate him, they discuss putting it out that it was father4justice and 4chan. Jeffrey said that he has charged £100 to a MNers iTunes account (the MN used the same email and password), they all laugh. They link to another thread where they have been discussing trolling MN and accessing RebeccaMumsnet account. Someone's says they put a phishing link on their own MN profile. (Quite a few seem to have MN accounts).
They were also watching these threads and copy and pasting some fake posts that they have made on here and laughing again.

They just seem like a bunch of weirdos tbh.

Are they posing as real users ?

Does anyone remember a guy - was he called Steve? Something to do with the name Tesla, I think that was his user name.

It was a few years ago now. I'm sure he was trying to hack certain people's information. Probably nothing to do with it.

What a complete knobber,who on earth has enough time for this???

I'm another one staying put,I will not be forced out over a sad individuals behaviour.

Mumsnet will survive this!

(Hands out drinks & nibbles preparing for mass sit in)

Nah, I only ever log in via onscreen stuff on iPhone or iPad, and I was compromised, so it doesn't help if you use touchscreen for keystroke recording, I don't think. I'm not surprised I was on the list tbh - I had a few weird experiences where I had to log in unexpectedly over the last couple of weeks, so as soon as I knew there was a list published I was pretty sure I would be on it. From my experience it looks straightforward, but of course it may have just been made to look like that, lol.

In other news, have we really got 7.7 million users now?

Hi there, I have checked and from the IP it looks like I was definitely hacked while on my work email. I'm not there now but tomorrow I can definitely confirm which dates I was on mumsnet as I don't go on in work often and from memory there was a big long gap between at least 31st July and 14th August. Is this at all helpful for working out when the 'phishing' happened.

Okay... I'm going to admit to a bit of a sin here. I've got two MN accounts, due to opening a new one up about six months ago when I couldn't get at my usual one and was stuck in the middle of nowhere for a couple of days, bored rigid. I've just been to check the inbox of the email address I used to set it up, and there is no sign of the email. My normal MN account home email address received the reset email with Justine's message yesterday and I did it straight away. However, I did use that account only for that day or so and had forgotten until just now that I even had it. Do unused accounts ever get automatically deleted or suspended?

I mean while I was at work.

I changed my email address this morning to a new one. It worked this morning. However, I've gone back in and it's reverted back to my original one.

Any idea MNHQ?

Big fox I saw that bar too. It was where the adverts are but tried to look like a message inbox. I did think it looked a bit dodgy

Ive changed all my details, password, I can't think of a NN yet.

I want that nn FuckOffJeff

That has made me chuckle