Mumsnet Data Breach - Q&A

[JustineMumsnet]

As many of you already know, some screenshots of Mumsnet posts were recently uploaded to Twitter by a former Mumsnet intern – here’s a link to a previous thread discussing this in case you've not seen it.

Three of the screenshots showed an Admin’s view of the site and therefore contained the IP addresses of the posters concerned.

Understandably there have been loads of questions about the implications, about what data we hold and who has access to it so we've collated them here. Please do post any queries here or email [email protected] if you’ve any concerns or further questions.

Thanks and huge apologies if this has caused you any concern.

Has anyone had sight of EH's Twitter posts after she protected it? Do you know what else was posted?
Hopefully she doesn't have identifying details screenshotted of posters she has targetted for GC views tucked away and has sold her career down the Swanee for a few useless IP adresses.
A pp mentioned the purpose of storing old email addresses and this is a valid question you might need to deal with in May when GDPR hits. You may well have a pile of 'right to be forgotten' requests coming!
In some ways EH has done us all a favour by showing her hand on a small subset of her data and leading us to question what is being held, is accessible and whether that is appropriate. And indeed playing her hand with a month to go, highlighting that before the fines :)

you cannot let her delete any extra data she has without disclosing it to you. You also cannot just accept her word on this matter

This with giant deafening alarm bells and big flashing lights on.

Encouraging the destruction of evidence is probably a criminal offence in itself. If nothing else it adds to the destruction of trust between MNers and your company.

This is our data @MNHQ, not yours.

We ticked a box to say we agree to you using our data (not taking ownership of it) for various purposes, on the understanding that you were committed to ensuring that our privacy is protected.

If this is no longer a commitment then you need to get us all signed up to a new T&C - 'post at your own risk, we don't care who gets your data or what they do with it. We'll protect ourselves, not you.'

.

Did we know that MNHQ can read our PMs? I would ask why this is. If the police or interpol demand access that's one thing but on a day to day basis I for one assumed that PMs didn't fall under the same agreement (eg right to publish) as posts on threads. So why do mods/other staff need access to them?
I will add that I am not worried about the content of my PMs but I would still be concerned that I had shared information there which I never expected a third party to have access to.

I just assumed that they could, Choccy. Not necessarily that they did, but that they could.

I didn't reckon on MN staff stealing the data though.

Of course they can access PM's.

Anything you post on any site ultimately can be accessed by sys admins.

PMs can be read, yes. That was confirmed a while back I thought. There were fishing PMs and it was discussed then

Please can you confirm that you will be deleting records of old email addresses and anything else that users cannot see that is held on them from their ‘my account’ screen?

Advice is being given to users to change their email address to something non-identifiable but this will give a false sense of security if old data is simply being held without their knowledge.

What advice?

I always assumed some roles at MNHQ had access to PMs.

I never expected that just about anybody who worked there or did an internship would have access.

I must have missed that phishing stuff. I am usually all over this kind of thing but for some reason saw PMs differently. I understand they could be pulled up by admin if necessary, I just wonder why they would do this and how many staff had this sort of access.

Not official advice, Darth, just posters on threads talking about it. I’m a bit annoyed that MNHQ are holding account data that I can’t see. If I e.g. originally provided my postcode but deleted it, is that actually still on my account too?

People took measures post-Jeffrey that might actually have been pointless.

I think that's the problem tbh.

There's a lot of assumptions.

Honestly I think everyone needs to calm tf down about this.

I note Bumble has gone.

@noblegiraffe

Every site you sign up to holds data about you.

Every single one.

MNHQ have answered what data they hold on the Q&A.

As a more general point.

I'm sorry but this overly faux outrage is beginning to grate.

Darth I think it is reasonable to assume that if I delete something from my account then that data is deleted from my account. Deleting it is an indication that I no longer want them to hold that data. If you change your username, you can see that they still hold a record of your previous usernames.

overly faux outrage

How patronising.

Agree that deletion of evidence of data theft is wrong.

If you interpreted it as patronising @noblegiraffe then that's your call.

Upshot is that aside some pertinent and relevant questions on this issue there's a hell of a lot of scaremongering going on.

Which is exactly what EH an her ilk wanted.

@JustineMumsnet

AFAIK Justine is the only big business person who has stood up for our right to talk about WAG rights.

Hell, even very rich/protected celebs like JK have caved into TRA pressure.

Justine backed us, I'll back her.

apologies in to not into

It is incorrect to assume that you deleting information or changing information would cause the holder of the information to delete the previously recorded information. On or off the internet.

"It is incorrect to assume that you deleting information or changing information would cause the holder of the information to delete the previously recorded information. On or off the internet."

How can they link your data if you delete your account and sign up again with a different email?

United we stand, divided we fall...

Is there any internal moderation or overview of deleted posts in sensitive areas that might show bias on the part of individuals in the community Mod team?
Not just in the GC/TRA area but other topics such as antenatal choices.
One or two well, I didn’t consider my post to be contravening TG as others saying the same thing were left to stand may show considerable bias if a pattern was established that showed a Mod persistently came down on one side or the other.
I don’t expect the Mod Team to be perfect, none of us are and we all have our own personal bias in particular topics in the wider world, whatever our job. However, in my job that bias would be noticed due to a culture of monitoring (without spying on colleagues) and training that emphasises our personal bias is not acceptable in the workplace or on social media.

DarthArts completely agree.

Now, of course, it's absurd to keep old email addresses. No upside, lots of downsides. Dumping that archive would be a very good idea.

Agree. Unless there is a strong business reason to keep old email addresses, they should all be removed forthwith. I can't think of a single good reason to retain them.