Mumsnet data breach - please read

[JustineMumsnet]

As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts

What happened?
There was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in, could have had their account info switched.

Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.

How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.

What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.

Thanks to all who brought this to our attention.

Justine

Thanks for the email @MNHQ 😆

Donmesswime, you were the earlier poster who was trying to stir with another poster and frighten them. Now you're just trying to provoke again. Pathetic.

You have no idea what's going on behind the scenes, none of us do so why not let MNHQ get on with it without sniping at them.

... and calling posters 'honey' is just creepy.

"honey" ?? Have no idea what vibe you were going for but it landed in embarrassing...

I received an email to say that although I had accessed someone else's account, nobody had accessed mine.
Thanks MNHQ

Zoflo how can that be? Apparently the glitch was that two users logging in simultaneously were switched accounts. If you accessed someone's account, they accessed yours.
Either the story that we've been told is not true, or MN are lying to you about someone not accessing your account.

I haven't received any email from @MNHQ about the breach. Is one going to every registered user?

So are you saying that 23 pairs of users logged in at the exact same time over the three day period? Because that's not believable honey.

You sound ridiculous!

Want a job Michael?

Stop it with the creepy honey thing, who are you talking to like that Don ?

I say again, everyone is supposed to gettinthe generic mail stating the OP here. Boron, but why oh why is it taking so long, serious system issues.

Are you actual spam Lowe ?

A joke now

I thought the job offer was a joke. The spam is just in poor taste.

You could anybody mlowe and who would click a link from a random?

If you think MNHQ would want your services then maybe get in touch with them directly? I'm sure you could find the 'contact us' button without too much trouble given your skills...

... or educated.

Good comeback Witchin to rude and unnecessary ageism.

Someone who had been old enough to drink at the outbreak of WW2 would now be 98 so it's hardly ageist to say they are very old. I don't see what education has to do with it.

@Zoflorabore but that makes no sense

MNHQ have said any two users logging into their accounts at precisely the same time may have had their account info switched. (in their FAQ)

So how can there have been an info switch, if you have logged into a different account but not had the other person in yours?

What about WW1 then since you mentioned TWO world wars?

It was intended to be a bit of a jab so why not just take it on the chin instead of making yourself look a bit of a twit?

I wasn't born until many years after WW2 and I still know quite a bit about it. Many people do. Lest we forget...

Ooh god I'm so dozy I hadn't realised that!

Yes the email from HQ stated exactly that.
I will go and screenshot it.

What's with that weird honey shite this isn't feckin nethuns

A screenshot would be most useful, as it sound like the complete opposite of what they say has happened. Although you might have more luck in their new FAQ thread. They seem to be replying much more frequently there.

www.mumsnet.com/Talk/site_stuff/3502660-Mumsnet-Data-Breach-FAQs?msgid=84795548#84795548

Here we are

The email says may have logged into another users account

@zoflorabore, did you log into another account, and if so can you remember the user name?

Yes I did but it was a user account and I only noticed when I went to "threads I'm on" and there was nothing at all. I usually have at least 5/6.
I was on my mobile but not on the app, have never used the app. Wish I had screen shot it. There was nothing identifying that I saw.

The only weird thing was I never leave my details logged in but I was able to get straight on the site by auto filling.

Eeek not good then zoflora, I would definitely report the issue / repost on the other thread (FAQ) to make MNHQ and others aware. Very baffling that they say you didn't have anyone access your account, when you yourself have been on someone else.