Active discussions

Meet the Other Phone. Only the apps you allow.

Meet the Other Phone.
Only the apps you allow.

Buy now

Please or to access all these features

Talk

Back to thread
MNHQ

Mumsnet Data Breach - Q&A

17 replies

JustineMumsnet · 19/04/2018 21:04

As many of you already know, some screenshots of Mumsnet posts were recently uploaded to Twitter by a former Mumsnet intern – here’s a link to a previous thread discussing this in case you've not seen it.

Three of the screenshots showed an Admin’s view of the site and therefore contained the IP addresses of the posters concerned.

Understandably there have been loads of questions about the implications, about what data we hold and who has access to it so we've collated them here. Please do post any queries here or email [email protected] if you’ve any concerns or further questions.

Thanks and huge apologies if this has caused you any concern.

Go to post
MNHQ

JustineMumsnet · 19/04/2018 21:26

@CrochetBelle

Slightly off-topic, but important in knowing who our information is shared with, you say...

The intern needed access to user information in order to carry out her work duties, which included contacting MNers to pass on press enquiries.

What type of press enquiries? Why would the press need to contact a Talk user? And how often does that happen to have it specifically written into the 'work duties' of a member of staff?

What else were her 'work duties'? Comprehensively, please...

It was for media case studies and it doesn't happen very often - a few times a month. We reviewed our policies about who had access to user data during Emma's time at Mumsnet and she (along with some other staff members who only needed access intermittently) had their access removed. Obviously we wish we'd done this a bit sooner.

MNHQ

JustineMumsnet · 19/04/2018 21:41

@Mogleflop

Hi again Justine! Does your database allow audit trails? Can you see if she's accessed information for key vocal people (like Datun?)

Also on another note how are you doing? I hope there hasn't been too much personal nastiness after speaking up in the Times?

No I don't believe we can do this from my initial conversations with Tech - I will explore further however. And I'm ok thanks - I'm staying off Twitter except to post pictures of gin...

MNHQ

JustineMumsnet · 19/04/2018 21:42

@merrymouse

From previous thread:

Why do you think EH posted screenshots from her work computer when the posts she put on twitter are visible on the MN website to anyone with an internet connection?

Why use screenshots from her work account after she left?

I think she'd saved them/ previously sent them to someone. I think the piece in the Sunday Times prompted her to look them up and use them. But I'm speculating of course - I can't be 100% sure.

MNHQ

JustineMumsnet · 19/04/2018 21:44

@ObiJuanKenobi

The recent twitter post by 'Ariel' (see other thread) is really worrying saying more data is to be released over the weekend. *@JustineMumsnet* can you offer any reassurances on its legitimacy?

I can't I'm afraid. But I'm sceptical for sure. I strongly suspect it's being done to inflame but can't confirm that.

MNHQ

JustineMumsnet · 19/04/2018 21:52

@KatherinaMinola

Repeating my question (also asked by other people) from the previous thread:

Are you conducting an investigation into Emma Healey's claims that she still has friends at MN who might make moderation decisions at her suggestion? Because we don't know what else they might do at her suggestion.

As I've said a few times I think Emma's comments about "getting her friends to delete things" were a bit self-aggrandising. There is no evidence of anyone on our staff mis-using mod powers. We've obviously raised the way we mod Trans issues internally and one or two of our team have said they're worried we're not being thorough enough in deleting things that are mean. This is something we'll continue to discuss to make sure we moderate fairly. But I don't believe we have any one who poses a risk to user data on the current team.

MNHQ

JustineMumsnet · 19/04/2018 22:04

@MipMipMip

Why, when you have had a data leak before, was this able to happen? Why did you not implement a disaster plan?

I'm not sure the two are related MMM. In the last instance we were phished, swatted and ddos-ed. Following that we took measures to implement extensive firewalls and regular stress testing and white hack attempts. There have been multiple ddos attacks on MN since none of which I'm pleased to say have brought the site down (touches wood and everything else).

This breach was an employee taking screen grabs of user posts while she was logged in as an admin.

MNHQ

JustineMumsnet · 19/04/2018 22:05

I'm going to sign off now but will be back tomorrow (god willing).

MNHQ

KateMumsnet · 19/04/2018 22:07

If I signed up with an email but then changed my account details and switched to a different one, then is my old one still visible to the mods or is it just the current one?

Yes, the old email is still visible, @chardonnaysPrettySister.

MNHQ

JustineMumsnet · 19/04/2018 22:19

@ChampiontheWonderHamster

You said in your statement Emma had no more data. In the Guardian article it said she had promised to delete further data. Which is correct?

I’d also like an answer to this when you come back tomorrow. Thanks.

Both - Emma told us that she would delete anything she could find that was mumsnet related from her devices. This is not in contradiction to the Guardian article.

I know some of you think there's some kind of cover up going on here and there's not a lot, it seems, we can do to convince you otherwise. We've endeavoured to be as straightforward and honest about what's happened and how and why. We definitely can do some things better procedurally and technically for sure but we're not lying to you. Anyhow on that note I really am off. Night all.

MNHQ

YetAnotherBeckyMumsnet · 20/04/2018 14:28

Hello everyone - just a quick one to say thanks for all your comments, and to let you know we've now stickied the Q&A page.

MNHQ

KateMumsnet · 21/04/2018 10:44

@Tartanscarf

You also have pre ticked boxes for emails to be sent is that due to change prior to GDPR?

Yes @Tartanscarf - pre-ticked boxes for email or data content will be left open from next month, in line with GDPR.

MNHQ

KateMumsnet · 21/04/2018 10:48

Hi all

Just to let you know that we've added to the Data Breach Q&A page over here to answer some more questions.

MNHQ

YetAnotherBeckyMumsnet · 23/04/2018 14:56

Hi folks - thanks for all your questions - bear with us, we're going through them now.

@beyond11cisRetinol the old email will be deleted automatically. Any postcodes supplied at registration will also deleted when a user deregisters their account.

MNHQ

YetAnotherBeckyMumsnet · 23/04/2018 15:59

Oh and @beyond11cicRetinol if you change your email on an active account - the new email will override the old one - we won't have a record of it.

MNHQ

sandymumsnet · 25/04/2018 16:04

@PencilsInSpace

I have a question *@JustineMumsnet* - I deregged a while back (PL blogfest incident) and a few weeks later made a new account using the same email.

Would it have been possible to link the two accounts?

Hi @PencilsInSpace. Your email address would have been deleted from your deregged account. It would be possible to link a deregistered account with a new one if there were an IP address match, but not by email. Your IP address would have to be a “Static IP Address”, and the IP data would have had to be available to whoever was attempting to make the match. We have removed this data from most users at Mumsnet.

MNHQ

sandymumsnet · 25/04/2018 16:07

@Tartanscarf

Given the breach, is there any plan to Change surveys such as this www.mumsnet.com/Talk/mumsnet_surveys/3225740-Mumsnetter-in-a-relationship-Take-our-survey-100-voucher-to-be-won so that is possible to complete them anonymously (obv means no prize if you do) as well as by giving name, usual MN name and email address?

Why do you need usual MN name for that survey?

Hi @Tartanscarf. Currently we ask for MN username and email when you enter a competition - not because you need to be an MNer to enter, but so that we’ve got two ways of contacting you if need be (email and Private Message). But we’re reviewing what data we ask for when users enter competitions and fill out surveys, and the relevant consent processes too, as part of our preparations for GDPR.

MNHQ

sandymumsnet · 25/04/2018 16:11

@Tartanscarf

Threads like this www.mumsnet.com/Talk/housekeeping/3224766-Mumsnet-deals-free-laundry-capsules require members to give their card details to get a free trial. (And it’s not a free trial when you have to pay for it even it is it only a £1).

Can anyone at mumsnet hq see those credit / debit card details?

Given that the partner doesn’t use PayPal, what assurance do mumsnet have that the partner company has robust and secure policies and procedures in place to protect members who go there on the strength of a mumsnet tie in?

Hi @Tartanscarf. No, Mumsnet staff do not have access to your payment details - though the company we hyper-linked to does of course, if you provided payment details to them.

We’d never partner with an organisation that isn’t reputable, or one which we weren’t positive would treat your data carefully, but the actual responsibility for the secure and compliant processing of your personal data rest with the company that we link to. You can see this particular company’s privacy policy here, and if you’d like to find out more detail you can contact them at this email address: [email protected].

Watch this thread for updates

Tap "Watch" to get all the latest updates

End of posts

There are no more MNHQ posts on this thread

Back to thread