Mumsnet Data Breach - Q&A

[JustineMumsnet]

As many of you already know, some screenshots of Mumsnet posts were recently uploaded to Twitter by a former Mumsnet intern – here’s a link to a previous thread discussing this in case you've not seen it.

Three of the screenshots showed an Admin’s view of the site and therefore contained the IP addresses of the posters concerned.

Understandably there have been loads of questions about the implications, about what data we hold and who has access to it so we've collated them here. Please do post any queries here or email [email protected] if you’ve any concerns or further questions.

Thanks and huge apologies if this has caused you any concern.

Oh and @beyond11cicRetinol if you change your email on an active account - the new email will override the old one - we won't have a record of it.

The key to containing trolls is good, adequately staffed, informed moderation and policies. The mods don't seem to understand the different covert tactics of sealions and concern trolls that derail threads. This is a skill based issue where coercive control training could well assist in spotting the pattern of derailing and undermining comments and posts, not the one "big aggro comment".

Ironically and sadly, this is exactly the same issue facing the police when they attend many DV incidents where the woman, the genuine victim, can look like the problem as she has been unrelentingly and unreasonably provoked and harassed over long periods, each incident in and of itself not looking particularly concerning to the untrained eye.

The modding policy and execution would do well to skill up to understand these covert methods of coercion that most trolls are now skilled in. They have refined their MO like all male abusers. Also understanding threat actors as in cyber security, but pertaining not only to network attacks, which is what most cybersecurity focuses upon because "boys like that", but also understanding the motivated individual threat profile i.e. stalkers and harassers in the form of trolls and abusers. Bedford University have expertise, I understand, in this area of cyberstalking and cyberharassment by stealth

WITHDRAWN. I AM WRONG. Many apologies.

@PencilsInSpace

I have a question *@JustineMumsnet* - I deregged a while back (PL blogfest incident) and a few weeks later made a new account using the same email.

Would it have been possible to link the two accounts?

Hi @PencilsInSpace. Your email address would have been deleted from your deregged account. It would be possible to link a deregistered account with a new one if there were an IP address match, but not by email. Your IP address would have to be a “Static IP Address”, and the IP data would have had to be available to whoever was attempting to make the match. We have removed this data from most users at Mumsnet.

@Tartanscarf

Given the breach, is there any plan to Change surveys such as this www.mumsnet.com/Talk/mumsnet_surveys/3225740-Mumsnetter-in-a-relationship-Take-our-survey-100-voucher-to-be-won so that is possible to complete them anonymously (obv means no prize if you do) as well as by giving name, usual MN name and email address?

Why do you need usual MN name for that survey?

Hi @Tartanscarf. Currently we ask for MN username and email when you enter a competition - not because you need to be an MNer to enter, but so that we’ve got two ways of contacting you if need be (email and Private Message). But we’re reviewing what data we ask for when users enter competitions and fill out surveys, and the relevant consent processes too, as part of our preparations for GDPR.

@Tartanscarf

Threads like this www.mumsnet.com/Talk/housekeeping/3224766-Mumsnet-deals-free-laundry-capsules require members to give their card details to get a free trial. (And it’s not a free trial when you have to pay for it even it is it only a £1).

Can anyone at mumsnet hq see those credit / debit card details?

Given that the partner doesn’t use PayPal, what assurance do mumsnet have that the partner company has robust and secure policies and procedures in place to protect members who go there on the strength of a mumsnet tie in?

Hi @Tartanscarf. No, Mumsnet staff do not have access to your payment details - though the company we hyper-linked to does of course, if you provided payment details to them.

We’d never partner with an organisation that isn’t reputable, or one which we weren’t positive would treat your data carefully, but the actual responsibility for the secure and compliant processing of your personal data rest with the company that we link to. You can see this particular company’s privacy policy here, and if you’d like to find out more detail you can contact them at this email address: [email protected].

Mumsnet said We’d never partner with an organisation that isn’t reputable, or one which we weren’t positive would treat your data carefully, but the actual responsibility for the secure and compliant processing of your personal data rest with the company that we link to.
Well that didn't pan out well with the Pink Parcel/BettyBox trial where numerous participants got sent boxes with other people's names on, and the company involved was called out on making dubious claims about the health benefits of chocolate and the fact 94% of letter boxes were large enough to receive their packages.

Yes, YouStacey, and then there was that other dodgy educational tutoring service offered as a product test just the other day (albeit swiftly pulled once the dodginess was pointed out).

Can I just wholeheartedly second the suggestion of woman above?

Coercive control training for mods would be a really good idea. It’s often not the content of a specific post but the pattern that’s the issue, and once it’s pointed out to you it does stand out.

It’s a very VERY good idea and it’d be a fairly low cost way of doing something very positive for moderators and the boards.

I don't understand most of what is being discussed as didn't do IT at school but what I keep wondering now is who works for MNHQ? I have had a few usernames and have posted very sensitive stuff at times I would not want my DH's family to know about . They know our real names IIHUC but we don't know theirs..

@MNHQ Any reply to these questions about partner organisations?

Apols for bumping an old thread - this is for the poster who messaged me asking for more detail - hope you see it and it answers your questions

(I’m a bit paranoid just now about replying to messages now hence not replying directly, hope that is okay!))