Mumsnet data breach - please read

868 replies

JustineMumsnet · 07/02/2019 12:40

As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts.

What happened?
There was a problem affecting Mumsnet user logins between 2pm on Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in could have had their account info switched.

Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.

How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.

What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.

Thanks to all who brought this to our attention.

Justine

LyingWitchInTheWardrobe2726 · 08/02/2019 12:55

Agree with RedToothBrush. There's so much 'ground clutter' on this thread it must be frustrating to sift through for pending issues reported.

Some just seem to be enjoying a bit of a thrill in calling 'catastrophe' and dramatising. It's incredibly patronising to assume that MNHQ staff have been 'sleeping for 9 hours' just because they haven't been rushing in to breathlessly update. Since when does that ever happen in business?

I don't know any MNHQ people any more than I know any posters here. I don't imagine they've been sitting on their thumbs and I don't think they've deserved the slagging off they've had from some.

MNHQ has complied with requirements, notified the regulators, kept us informed and made a FAQ page with plans for recovery and improvement. They're responding individually to posters who have been actually affected. What else would you have them do?

amidaiwas · 08/02/2019 13:20

ok so i don't post anything that is too confidential / confrontational, mainly school chat.

i do use my real email - full name

what should i do? delete whole account and start again with random email?

MrMeSeeks · 08/02/2019 13:37

If we haven't been emailed have we not been breached? Would we be best off deleting and registering again?

SinisterBumFacedCat · 08/02/2019 13:47

BoreofWabalon I reported the post also, but as they are still up I’ve reported them all again. It’s ironic to MNHQ are ignoring aggression on here.

QwertyLou · 08/02/2019 13:49

MNHQ, this thread really needs to be pinned at the top of AIBU. Don’t you have an obligation to notify affected people?

I haven’t received your email, I’m not sure anyone has. So surely keeping this thread in a high traffic spot for now is a sensible and necessary step.

EveSaidWhat · 08/02/2019 13:53

"Some just seem to be enjoying a bit of a thrill in calling 'catastrophe' and dramatising. It's incredibly patronising to assume that MNHQ staff have been 'sleeping for 9 hours' just because they haven't been rushing in to breathlessly update. Since when does that ever happen in business?"

Indeed. But have you had your email yet??? It's the burning question.

C8H10N4O2 · 08/02/2019 14:04

It's incredibly patronising to assume that MNHQ staff have been 'sleeping for 9 hours' just because they haven't been rushing in to breathlessly update. Since when does that ever happen in business?

Feel free to point out the person who said they have been sleeping and that is wrong.

For a breach of personal and sensitive data of this type there should be regular updates on a schedule (even if the update is 'still working on it no material changes this last two hours'). There should also be 24*7 tech support.

It is a large commercial organisation and it's ridiculous that overnight support on this issue is left to unpaid volunteers. MN stopped being a kitchen table hobby forum over a decade ago. They have also accumulated significant experiences of breaches from which to learn.

It's not dramatising to highlight that the level of protection for members who have been encouraged to share sensitive information (in particular in PMs) is inadequate for a large commercial organisation however much we may appreciate many of its other characteristics.

Oh and I haven't received any notification yet more than 24hrs after we were told they had already been sent. I notice also the FAQ directly contradicts some of the information we were given yesterday.

PhilomenaButterfly · 08/02/2019 14:06

No good relying on the Toffees to do us a favour. 😂 It's not your couple of days, is it, @JustineMumsnet?

OscarWildesGreenCarnation · 08/02/2019 14:06

I had my email at 01:01 this morning. I questioned my security with MN first thing this morning and got an email back saying that 'as far as they could tell' my account details weren't compromised. Not very reassuring.

HankNPat · 08/02/2019 14:10

Querty, this thread was stickied at the top of a number of topics from yesterday afternoon. It was replaced by a new stickied thread with an update, including FAQs, at 11:30 this morning.

I don't know why a few people keep harping on about the overnight volunteers (The Night Watch). They have no powers to comment on tech related stuff - they are only there to try to deal with overnight trolls and spammers and they have extremely limited 'powers'.

QualitySoHigh · 08/02/2019 14:12

I deregistered and started again. I hope lessons have been learned.

wireswireswires · 08/02/2019 14:14

I've signed up under a new less personal email as my other one made it very easy to find me and obvious who I was.

Now I feel like I'm going to have to be careful about what I post as there isn't the 15 history MN can look at and say 'no op isn't a troll, she's a long time poster'.

I imagine it'll be the same for many others. It's probably going to send troll hunting in to orbit and mean the deletion of well meaning posters due to misunderstanding.

LyingWitchInTheWardrobe2726 · 08/02/2019 14:22

EveSaidWhat, Actually, no. That said, I did have one on the last occasion as MN thought my account was one that had been breached.

Reading what Justine has said in the first post (and subsequent), everybody who is registered will receive an e-mail containing exactly what is in that first post. Users whose accounts have been breached, or thought to have been breached, will be contacted directly and individually. I'm satisfied with that.

I think, in hindsight, it might have been better for MNHQ to put up a stickied post on the main boards saying that there has been a breach, not everybody's accounts will have been affected but everybody has had to log in again - and that MN will be in touch with those directly affected.

They could have then sent out an e-mail to all users as a last job, not a first job, because the sending limits must have been exceeded and that's possibly hampering the contact of those who actually need to be got in touch with - as well as causing all of those who want an e-mail immediately, telling them exactly what's been posted already. It's pointless.

The only important thing right now is for those who are actually 'at risk' to be notified. Everybody else knows everything they are ever going to know or need to know at this point.

I think MNHQ are working behind the scenes at quite a pace. Why would they not? They're a commercial venture at the end of the day.

My husband works in IT, I don't. He's forever reminding me not to use the same passwords, log out each time, etc., etc. I don't always (or ever) but at the same time, I don't post very personal stuff here, my kids details aren't here or anywhere because I've no idea of the audience.

It's not wrong to post personal details but when you can't control who sees them and who might use them - and something like this happens, it does bring it home that this isn't a sweet and fluffy chatboard and that there are real implications for some posters and I'm sorry for their upset, I'm sure it's really concerning, it would be for me too.

What I'm taking issue with is not those posters, it's the same old ones who pitch up on any thread where there's a problem, wagging their fingers and ganging-up in their snide comments. That's not on in my book.

Roussette · 08/02/2019 14:35

Now I feel like I'm going to have to be careful about what I post as there isn't the 15 history MN can look at and say 'no op isn't a troll, she's a long time poster'

That's irrelevant surely? Isn't it all to do with ISP addresses unless you are only ever posting on mobile data from a smartphone. MNHQ can spot PBP's and trolls etc from ISP addresses. So in that way, they will know you are legit. (Unless I have this totally wrong...)

wireswireswires · 08/02/2019 14:39

@Roussette I only ever post from my phone. And in any case, I have to reset my router quite a lot so my IP address does change often.

And just because someone hasn't been flagged troll already doesn't mean they aren't a troll.

I suspect there are way more trolls on mn than we realise!

Roussette · 08/02/2019 14:41

Totally agree with you LyingWitch. Unless you are severely compromised because of personal stuff you have perhaps PMd to others, I can't see what the huge problem is. This is not a hacking, this is a software issue, and it is internal and not outside dodgy influences.

I haven't had an email (yet). I presume from that, that means I haven't been breached. I'm none too worried because I don't talk very personal stuff on here, I'm wary.

This will not go down well if I say it but still.... I think there's been an element of sticking the boot in, AFAIC there will be a lot going on behind the scenes. Whatever is happening would never be enough for some MNers.

wireswireswires · 08/02/2019 14:41

I guess after a few months you build up a pretty clear post history and it would be obvious you're not a troll but until then I don't feel like I could post on a poo or period thread lol!

Roussette · 08/02/2019 14:44

wires my IT knowledge is limited... in fact I encapsulate 'a little knowledge is dangerous'. Grin

Totally get you on the phone.

Re the router, I thought resetting it doesn't change your ISP address. I thought that was unique in that it will still be obvious to a Company who you are and if you have been on here before. As I said, I may be wrong!

WatcherOfTheNight · 08/02/2019 15:00

Christ, seems I've missed all the chaos!

I've just caught up & read through all the threads ... have to say @Roussette, I agree with you, especially

"This will not go down well if I say it but still.... I think there's been an element of sticking the boot in, AFAIC there will be a lot going on behind the scenes. Whatever is happening would never be enough for some MNers."

Seems not even Nightwatch are safe from the kicking, I'm a little shocked tbh.
Oh well, nice to know we are appreciated Grin
< puts gin on ice > Gin

HankNPat · 08/02/2019 15:15

WatcherOfTheNight, I defended you all a bit upthread (14:10 today) to say that you don't have any powers to get involved in any Tech related stuff and that you're there to keep an eye on overnight trolls or spammers!

I think that some MNers have absolutely no idea about you 'overnight volunteers' Hmm

I'm sure you all do a sterling job Gin

U2HasTheEdge · 08/02/2019 15:42

Completely agree with Lyingwitch

People enjoy dramatising stuff like this though. It is shit that it happened and the people who it happened to have every right to be worried and angry, but some people seem to just enjoy sticking the boot in. As Roussette said whatever MNHQ do now will not be good enough for some.

For a breach of personal and sensitive data of this type there should be regular updates on a schedule (even if the update is 'still working on it no material changes this last two hours').

I personally don't want to be updated that there are no changes. Posting updates regularly letting us know they are still working on it is pointless. We know they are working on it, we don't need reminding of that. We know that there have been no more incidents since they reversed the new software and we know they are checking to see if any other user's accounts were wrongly accessed. What else do you need to know right now?

EineKleineNachtwatcher · 08/02/2019 15:54

Wotcha, Watcher Grin

Agree with you and Rousette. And thanks HankNPat for speaking up for us Flowers

SophiaLovesSummer · 08/02/2019 15:58

SORRY TO SHOUT BUT CAN SOMEONE PLEASE EXPLAIN TO ME HOW I CAN CHECK THIS?? Fair to say tech isn't my strong point but I'd like to learn how I can check this?

TIA Flowers

BoreOfWhabylon · 08/02/2019 15:59

I think there's been a few trolls/GFs on these threads as well. Whipping up a frenzy, frightening other posters, and taking the opportunity to get some really nasty swipes in at MNHQ and Justine. It's always the same.

And that does not mean I am downplaying the potential seriousness of this breach, just that there will always be people who take advantage of a situation for their own agenda

Roussette · 08/02/2019 15:59

Check what?!
