Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk
Site stuff

Join our Innovation Panel to try new features early and help make Mumsnet better.

See all MNHQ comments on this thread

MNHQ

Mumsnet data breach - please read

868 replies

JustineMumsnet · 07/02/2019 12:40

As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts

What happened?
There was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in, could have had their account info switched.

Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.

How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.

What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.

Thanks to all who brought this to our attention.

Justine

OP posts:
Thread gallery
5
Smotheroffive · 07/02/2019 23:51

...and why something as basic as sending emails in batches was balls up initially, stating everyone will have their emails by now at the latest, this afternoon.

MidnightMystery · 07/02/2019 23:54

Hi, I was asked to log back in however my password wasn't working so I changed password , I've got back in but I've noticed I'm logged in with my old name even though I made a name change before all of this happened. Anyone else who name changed from their original name have this problem?

Donmesswime · 07/02/2019 23:54

Smother, they won't be getting emails unless they ticked the box allowing MN to email them.

marymarkle · 07/02/2019 23:56

I had to log back in. Does the fact I was logged out mean that my data has been breached?

Nicknacky · 07/02/2019 23:58

mary No it doesn’t. Most people had to log back in.

Donmesswime · 08/02/2019 00:00

@MNHQ @JustineMumsnet
I did not tick the box allowing MN to contact me by email.
How can I know if my account was breached?

Judashascomeintosomemoney · 08/02/2019 00:00

Mumsnet isn’t a lovely little local website where we’re just communing with a handful of other mums, no matter how much uses might like to feel it is, it’s a massive world wide money spinner. The ONLY reason it’s going take 24 hours plus to email 900k users is because they have invested minimal money in terms of IT capacity. Where the fuck is all the money going? Gin? Nice jokes about the Toffees though, glad MNHQ think this is funny.

BoreOfWhabylon · 08/02/2019 00:03

I suggest those who have not ticked the box email MNHQ at [email protected] to let them know.

MidnightMystery · 08/02/2019 00:03

@Donmesswime Could you contact them through settings > contact Mumsnet > send query ?

marymarkle · 08/02/2019 00:03

I agree that there is nothing funny about this.
There are women leaving abusive husbands who have shared personal info in DMs, women who have been raped who have shared personal info in DMs, women who have shared personal info about their kids SN in DMs. This is sometimes very sensitive information.

MashedSpud · 08/02/2019 00:06

I still can’t log in with my phone.

Smotheroffive · 08/02/2019 00:08

Don that wasn't what I referred to. Again, I referred to the earlier message confirming all would have emails by now (later this afternoon) - taken that means only those who receive them!!!

TrixieFranklin · 08/02/2019 00:11

I've been logged out of the app twice tonight now, i thought it hadn't been effected and forced log out wasn't relevant or necessary for app exclusive users?

CameliaCamelia · 08/02/2019 00:13

Other forums have got hold of this and mumsnet is yet again being slated

Smaller forums have a tighter control so why not this one? Has MN grown too big for you to handle MNHQ?

Smotheroffive · 08/02/2019 00:18

Large global banking institutions have been plagued as have other global, far bigger than MN been hit and lost data, been hacked, etc. The communications have been very lacking though, very little recognition of impact upon their community, risks to the vulnerable, and it seems much misinformation.

nonickspetticoat · 08/02/2019 00:20

They aren’t doing their best. If they took security seriously (which previous events show they don’t) then no ones personal data would be affected.

Absolute rubbish - even the most robust IT systems are vulnerable - only last year the NHS IT system was compromised - people like you disgust me - happy to blanket blame without any comprehension of facts.

marymarkle · 08/02/2019 00:23

smother banks are targeted by hackers for obvious reasons. This was NOT a hack, it was a fuck up. Very different.
And I know if I did this in my job, I would be sacked.

Smotheroffive · 08/02/2019 00:24

We need to keep our files in locked filing cabinets in future and stick the key in our bras

Smotheroffive · 08/02/2019 00:25

Its the future I tell you

Smotheroffive · 08/02/2019 00:26

Yeah, but I didnt say only banks did I

Smotheroffive · 08/02/2019 00:26

Mn could also be hacked for very obvious reasons too doh!

Donmesswime · 08/02/2019 00:27

Let us just hope that no information had gotten into the wrong hands.

Smotheroffive · 08/02/2019 00:28

Also read my post properly! Simples

TeddyIsaHe · 08/02/2019 00:34

Only about 50k emails have gone so far. There are still over 850k to go

I thought there were millions of unique users a month?

marymarkle · 08/02/2019 00:34

smother Why are you making a joke of this?
And why is it a joke to keep personal info in locked filing cabinets? That is basic standard practice.

Swipe left for the next trending thread