Active discussions

Meet the Other Phone. Child-safe in minutes.

Meet the Other Phone.
Child-safe in minutes.

Buy now

Please or to access all these features

Talk

Back to thread
MNHQ

Hackergate thread part three - PLEASE read

56 replies

TheOnlyOliviaMumsnet · 19/08/2015 12:10

Hi all,

This thread is about to max out please continue here and we will update with info as an when we have it.

We will get to all emails and reports but it may take some time Huge apologies.

Here is Justine's OP from the previous thread:

On the night of Tuesday 11 August, Mumsnet came under attack from what's known as a denial of service (DDoS) attack. Our servers were bombarded with requests, which required our internet service provider to massively increase server capacity to cope. We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets "Now is the start of something wonderful", "RIP Mumsnet", "Nothing will be normal anymore" and "Our DDoS attacks are keeping you offline".

To add to the 'fun', it seems @DadSecurity also resorted to Swatting attacks. Swatting is a criminal practice in which someone makes an emergency call to the police claiming that a crime is taking place at the house of the intended victim, in order to get them to send a swat team to the address.

An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to "prepare to be swatted by the best" in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses. The police are investigating both instances.

@DadSecurity also claimed that he had access to Mumsnet user data. Later on 12 August, it became apparent that someone/ones had hacked into some of Mumsnet's administrative functions, at which point they were able to redirect our homepage to the @DadSecurity Twitter profile page, as well as to edit posts from two users' account and an MNHQ account on our forums.

Someone claiming to be the hacker also posted on the thread on which users were discussing the site outage. We immediately locked down all access to our admin functions and reported the attack to the police. We were confident that users' passwords had not been accessed, because MNHQ doesn't hold them as plain text; they're all encrypted, so that no one - not even us - can see them.

However, over the weekend, a user reported that posts had been made under her name which weren't by her, and we spotted two other cases where this had happened. This clearly suggested that the hacker had nonetheless been able to get hold of some users' passwords.

Our best guess at this stage (and it is just a best guess) is that this has been done via a form of phishing, in which the hacker creates a fake Mumsnet login page to which users are directed when clicking on our login button. The page would have had a different url but otherwise would look just like the usual page. The hacker would have been able to see passwords in plain text when they were typed in.

We take great care to protect the information you give us and not to ask for or store any more information than we need to run the site, but though we can't know how many accounts have been affected, there have been enough breaches for us to ask all Mumsnet users to change their passwords. As a result, you'll no longer be able to log in to Mumsnet with your current password, and will need to create a new one, here.

This will mean that any passwords the hacker has been able to harvest up to this point will be useless. We are looking into what we can do to strengthen our defences against phishing, but in the meantime we need to ask you to be vigilant, and to check the URL of the login page for the foreseeable future. The correct URL is www.mumsnet.com/session/login and it reads rather than at the beginning. We will place a warning on the login page reminding you to do this.

Alternatively use the social login option (ie Facebook/Google) as then you won't be required to enter a password. And if you log into any other sites using the same password that you use on Mumsnet, it makes sense to change your password on those sites, too.

We're really sorry for the alarm and inconvenience this might cause, and we realise you're likely to have further questions about what's been happening, so here's a summary of answers to the most obvious questions.

You say the hacker was able to access Mumsnet users' data: was data from my personal account accessed?
We have no way of knowing how many Mumsnetters were affected - so far we have evidence of 11 user accounts being hacked but it's an ongoing investigation. Those users have been informed, and their passwords have been reset. We think it prudent, however, that everyone reset their passwords - which in any case is a sensible thing to do from time to time.

What data could the hacker see?
By using your password and login, he would have been able to see the data on your profile - so that includes your username or email plus your password, your postcode if you've supplied it, your username history and your Mumsnet inbox.

Now that I've changed my password, can you guarantee that my data is safe?
Unfortunately, we can't give you a cast-iron guarantee of this - no site can. By forcing a password reset the hacker won't be able to log in as you; however, if phishing was the cause, the page could be phished again, which is why it's important that you check the URL of the login page when you enter your details, or use your social login. If the URL is anything other than www.mumsnet.com/session/login, don't use it.

Final thoughts
The internet is of course brilliant, but it's not 100% safe and secure. Whenever you share anything on the web, either publicly (such as on a Mumsnet thread) or privately (such as the data you give to a website when signing up), have a think about how happy you'd be for that information to fall into the hands of someone else. Make your passwords as secure as possible and change them every few months. Use different passwords for different accounts. Close redundant accounts that you no longer use.

And if you read nothing else...
I do realise this post is long, so here's a quick summary:

DO reset your Mumsnet password
DO make passwords really strong to reduce the risk of them being guessed
DO check the URL of any login page to reduce risk of phishing
DO verify that is being used on login pages
DO use social login to avoid typing passwords
DON'T give out information to any organisations without verifying they are who they say they are (such as the fake @mumsnetsupport twitter account that had also been started but has now been removed by Twitter)

Please post here or mail us on [email protected] with any questions or thoughts. As you can imagine our inbox is fairly voluminous at the moment but we'll get back to you as quickly as we can.

Thanks very much for reading,

Justine

Go to post
MNHQ

RebeccaMumsnet · 19/08/2015 16:47

Hi all,

Sarah will be starting a new thread shortly to communicate the new, new password change.

I'm going to try and respond to other Qs now.

MNHQ

RebeccaMumsnet · 19/08/2015 16:55

@Spookier

So... I see people talking about an email to advise users to change passwords? I didn't get one, any idea why?

Have you checked your spam folder Spookier?

MNHQ

RebeccaMumsnet · 19/08/2015 17:00

@EauPea

Is there any truth to Jeffrey's claim of an "inside job"

No, not as far as we are aware. He does seem to be doing his utmost to create huge distrust but we have no reason to believe there is any truth in this.

MNHQ

RebeccaMumsnet · 19/08/2015 17:07

@Pipbin

If I decided to set up an email just for MN, can I attach it to my current account?

yes you can, go into My Account in the top right corner and edit your email.

MNHQ

RebeccaMumsnet · 19/08/2015 17:32

Hi all,

We are under a DOS attack again, apologies if we get interrupted. Tech are obviously on it.

MNHQ

RebeccaMumsnet · 19/08/2015 17:39

@SewingAndCakes

Thanks
MNHQ

RebeccaMumsnet · 19/08/2015 17:42

@CarriesBucketOfBlood

Is it likely/ possible that this DOS has been launched so that the hackers can access further information/ alter web coding/ add in more phishing opportunities while the site is vulnerable? Or is it just for nuisance?

Would be nice to know so that we could 'prepare' ourselves if more information is to be leaked.

Carries, we don't know at this time but will keep you updated as and when we know more.

MNHQ

SarahMumsnet · 19/08/2015 17:47

Hey all,

was coming on to post about the DoS attack but RebeccaMN beat me to it. Obviously this has had knock on effects in MNHQ; will keep you updated and again apologies.

Sarah

MNHQ

RebeccaMumsnet · 19/08/2015 18:29

Thanks all, we will keep posting and tweeting / Facebooking when we can.

MNHQ

KateMumsnet · 19/08/2015 19:41

@BrumpyGollocks

Any one on the mobile site?

I'm on iPhone and have a little blue pop up bar at the right bottom corner of the screen saying along the lines of " mumsnet site attacks and what to do"
Is this a legit link?
It's not been there long.

Hello BrumpyGollocks - yes, this is legit. We use these to alert MNers to webchats and the like generally, but today we're linking to a page where we're compiling various questions MNers have asked about the site, and MNHQ's answers.

MNHQ

KateMumsnet · 19/08/2015 19:45

Apologies, too, for what might look like a lull in MNHQ activity. We're waiting until the current DDoS has finished, and then we'll be back on it.

MNHQ

KateMumsnet · 19/08/2015 19:51

@WalfordEast

I never got an email yesterday asking me to reset my password- I just couldn't log in, so asked for a reset request and reset it with the link I was given. Should I worry now?!??!

Don't worry WalfordEast. We can't be sure why you haven't received an email, but if you requested a password request and followed that link you'll be fine.

MNHQ

KateMumsnet · 19/08/2015 19:55

@AliceDoesntLiveHereAnymore

KateMumsnet can you confirm please if we are supposed to get a confirmation email when we change passwords? Confused

Hello Alice - I'm pretty sure the answer is yes, but I'll double check now and get back to you asap.

MNHQ

KateMumsnet · 19/08/2015 20:01

Just quickly, in case people haven't seen it, you can find a page where we've gathered some of the FAQs of the last couple of days over here. We're going to be adding new information and updating this page regularly so it's worth checking back every now and again.

MNHQ

KateMumsnet · 19/08/2015 20:04

@sebsmummy1

Oh FFS I have been asking all bloody day for my account to be deregistered and it STILL isn't. Can someone please action my request. Please!!!!!

We're so sorry sebsmummy - as you can imagine we're a bit swamped with requests of various kinds over here, but we promise we're working around the clock to carry them out as quickly as possible.

MNHQ

KateMumsnet · 19/08/2015 20:18

@BoffinMum

We need a gin icon so we can send you some, MNHQ.

May the force be with you this evening, my friends.

This is very much appreciated. I'll take gin with a tiny splash of the force, please.

MNHQ

KateMumsnet · 19/08/2015 20:24

@TheHoneyBadger

hacking a moderator's admin powers within the site. knew this wasn't just phishing - do hope someone from mnhq is bothering to read this and checking out that thread themselves

Thanks Honeybadger, I've drawn your posts to Tech's attention and I'm sure they'll be following the link up.

MNHQ

KateMumsnet · 19/08/2015 21:12

Hello again - quick update from tech team about the site that you linked to Honeybadger, to say they've been aware and are investigating.

MNHQ

KateMumsnet · 19/08/2015 21:25

Hello all - could we request that you don't post external links on the thread at this time? We're investigating as you know, and it might muddy the waters a little.

MNHQ

SarahMumsnet · 19/08/2015 22:02

Hello everyone

Again: apologies this is ongoing. With regard to the latest data dump, this is a list of client emails. We believe that the hacker has used a password from the old hack to gain access to another system (external to Mumsnet) on which we store client information. There haven’t been any new breaches of our normal user data, and contrary to what they claim, we DON'T pass on our user data to commercial clients without express permission. We've now removed access to all services we use where we store additional data, bar a single point of access for each.

We also uncovered the posts on 8chan earlier today, and they're part of our investigations.

Could we ask, please, that MNetters stop attempting to log into the accounts of those on the lists? At the moment we believe that anyone who used those passwords for any service other than MN - including financial services - could have had those services accessed. We need to stress again that those on the list MUST change all passwords as a matter of urgency.

Thanks,
MNHQ

MNHQ

SarahMumsnet · 19/08/2015 22:19

UPDATE:

We're going to force a logout and password change in the next few minutes. Full information in the OP of this thread - please read, and don't worry when you're logged out - it's MNHQ doing.

MNHQ

KateMumsnet · 19/08/2015 23:16

@Lavenderice

can someone please tell me what happens if you don't change your password, will your account be deleted?

No, Lavender, you just won't be able to log in and post.

MNHQ

JustineMumsnet · 20/08/2015 00:18

@blowinahoolie

Why wasn't this in the media last week when DadSecurity compromised the security?? I couldn't log in last week, and it's only when someone has been swatted that it comes to light. It should have been publicised much earlier than today, tbh. Not impressed.

The first swatting attack was early hours of Tuesday 11th - well over a week ago. This is in the media because we posted on Tues 18th on site, resetting all passwords, explaining the server attacks and the swatting after we established that user passwords had been compromised, which wasn't until sunday/monday 17th.

MNHQ

JustineMumsnet · 20/08/2015 00:38

@cozietoesie

How are the staff at HQ holding up? (Some of the posts, while courteous, are starting to sounds very tired indeed.)

Yes, sleep!

@cozietoesie

*sound

Time for sleep for me also, I think.

Yes indeed - sleep well!

MNHQ

RebeccaMumsnet · 20/08/2015 08:14

Morning all,

We are here and will be working through your questions.

We are waiting for Tech to confirm the exact parameters of the passwords, apologies that this was not clear last night, we have a team of people working long hours to keep on top of all of this and the communication side of things is difficult when things happen at the rate in which they have. Apologies.

We will post the correct parameters when we have them (asap) but we know loosely, it will be a long password (around 12 characters) Upper and lowercase and contain numbers/ symbols. This is my best guess from discussions yesterday, we will confirm shortly.

For those who were not forced out, what device are you on? This may help us.

Thank you all for your comments and support, it's been a very busy few days and we are pedalling as fast as we can, please do bear with us and we will respond to your questions.

Strength and gin...

Watch this thread for updates

Tap "Watch" to get all the latest updates