Mumsnet data breach - please read

[JustineMumsnet]

As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts

What happened?
There was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in, could have had their account info switched.

Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.

How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.

What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.

Thanks to all who brought this to our attention.

Justine

Anyone else noticed how this is being hijacked by the anti-trans brigade?

It’s not. People are noting that trans rights activists have made threats to ‘dox’ MN posters in the past, with a previous security breach having been enacted by a trans rights activist, and are noting that a privacy fuck-up such as this would have provided considerable identifying information to those with a self-professed interest in doxxing.

You understand why this is a legitimate concern, surely?

I had to create a new password yesterday. What does this mean. I was locked out this week

[quote SophiaLovesSummer]**@JustineMumsnet* I know I was logged in over that time - can you please confirm that you absolutely will be letting me know if mine was breached? IE that your investigation has a goal outcome that includes ID'ing all and any affected accounts; ditto that every person affected will be informed?*
?[/quote]

Yes our intention is to try to find every incidence where there was a synchronised login and then to check each of those login histories with a view to uncovering if there was a breach and letting the user know immediately if so.

Anyone else noticed how this is being hijacked by the anti-trans brigade?

Oh fuck off.
There is a group of people who have had threats made towards them and their families by people who may now have access to them in Real Life.
Of course people are going to be concerned.

I don't understand any of this.
I had to log in today after I had left myself logged in.
All I want to know in simple English is how am I affected and do I need to do anything.

Is it possible to delete our accounts and clear all history?

I didn't have to log back into the app this morning, anyone else?

Should I be concerned? I'll log out and back in just in case anyway.

Oh piss off subscribe. People have mentioned the TRA movement because mumsnet users have been actively THREATENED WITH PHYSICAL HARM by members. A data breach actively exposes them to doxxing which potentially puts them at risk of those threats following through into an RL attack.

Just as people who have posted about domestic violence or other violence may have posted about their situation and now may be at risk of their attackers finding them through a data leak.

Not sure if it is at all connected, but my android wouldn't let me log in at all last week - I was putting in password and it wouldn't log in when I clicked to. I tried a few times over 2 days and gave up.
It's actually meant I'm posting less, which has been a positive for me!

Sorry, just read the post about the app.
That'll teach me to RTFT

I was logged out this morning. I had left my PC for an hour or so, but left the MN page i was on up, came back and found i had been logged out.

@BBInGinDrinking

MNHQ believe it's the software change, but don't know for sure?

We're pretty certain of this, yes (and as said there have been no problems since we reversed the change). We should be able to confirm it unequivocally in due course, but we do think we should rule out every possible other explanation and leave no possible stone unturned before we say we're 100% sure.

My email has been hacked today. Could this be connected too mn data breach?

I don't understand any of this.
I had to log in today after I had left myself logged in.
All I want to know in simple English is how am I affected and do I need to do anything

^This 100%!

I've had that since december @LonelyandTiredandLow.
I've only been able to log in via the 'confirm your email' message from MN in my emails

So is my information safe or not?

Read the thread.

If you were logged in between 2pm of Tuesday 5 February and 9am on Thursday 7 February, then No your data is probably not safe!

What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages

@JustineMumsnet I'm concerned about something in Advanced Searching that I found out yesterday.

I'll report this post and let you know the details off thread. Please could you take a look?

@JustineMumsnet

Can you address the poster who changed their password on their PC but is still logged in and able to post on the app? A change of password should force logout on all devices.

We're pretty certain of this, yes (and as said there have been no problems since we reversed the change

That's not true. Posters have informed you that they were able to log into the forum using just an email address, no password. Does that not count as a problem?

@whatthenightbrings I’ve had similar problems this morning

@Limensoda

I don't understand any of this. I had to log in today after I had left myself logged in. All I want to know in simple English is how am I affected and do I need to do anything.

You do not need to do anything. We have reversed the change that caused the problem. We are investigating which accounts have been affected - we don't think it's many and we will contact you if we think it is yours.

There is no evidence that anyone who's account was switched has done anything malicious but of course we cannot be sure until we tracked down every incidence and contacted the affected posters. If you're at all worried please [email protected].

Mumsnet have said that everyone was forced to logout this morning as part of sorting this problem. If that happened to you then it's part of the cure (hopefully)

I've not been forced to log out this morning, Safari ipad. I did have to on my phone (not the app).

I've not been asked to log in again??? Why???? 🙄 🙄 🙄 🙄 🙄 🙄 🙄

Presumably if it was TRAs, they'll soon be boasting all over Twitter so it'll be easy for them to be identified and reported to the police.

wedgie
I'm
Probably being thick but i can't work out that the problem.was logging in over that time period being the problem

Or whether if you are logged in permanently and disbt log out and were logged in till the forced log out this morning then you could be affected..

Which is it