Mumsnet Data Breach - FAQs

[JustineMumsnet]

As lots of the same queries re the data breach are reappearing we've made an FAQs page Do let us know if there's anything important we've left off. We'll keep updating this document as soon as we have further any further info. Thanks.

EDITED BY MNHQ AT 17.15 ON FEBRUARY 8: We're now as sure as we can be that the total number of accounts affected by this breach was 46. We will be contacting these users within the next hour or so.

The explanation of duplicate username showing in the history doesn't apply to me,
I have never gone back to a old username but it shows twice and out of order when I would have used it.
This never showed twice before so why now after the data breach?
Very worried about this data breach

@justinemumsnet re the usernames appearing twice on settings - I have just checked mine and it appears three times? Is this right and is it connected to the breach?

Oh yes, I see, I didn't know posters would use anything other than the actual name for an email

Have a look about 12 posts up smother you'll see "@hank" used, the poster being tagged is actually called "HankNPat so won't get the @ mention email, if there is a poster called just "hank" they will get an email and wonder what is going on as they haven't posted on MN for 5 years (for example). They may think it's something sinister when it's actually simply that someone doesn't understand how tagging works

I don't know what is going on but now the duplicate username is not showing.
This isn't filling me with confidence

Thank you (and apologies) to all those reporting username problems. If you could email [email protected] to let us know then we'll be able to ask our tech team to look at each specific case.

Yes I see caught I abbreviate all the time but not to an email alert!!! Blimey, how annoying for that user receiving, I've never noticed that before!

It was me who did that, by mistake. I wouldn't normally either, I'd just bold the name. Tbh, though, the number of MNers reporting an excessive number of these emails over the last few days suggests to me something a bit over and above.

I'm going to wait and see if things settle down now, as so many small aspects of the site's functionality seem compromised atm. I'll take a view after that as to whether I'm comfortable here anymore. Now that I realise the 'upgrade' was related to making MN a cloud-based service, I'm going to have a complete rethink of how much I participate anyway.

Hope things settle down for others.

MattFreis, yes, I got that the way your username list is laid out has changed three times since the breach. Admittedly I didn't get around to checking mine 'til early Saturday morning, but it was already showing in chronological order of each time I've used each name over the years.

I agree with PPs who feel there are probably more glitches which are now baffling MNHQ - and us.

I changed my registered email address after the incident was announced, but then got completely locked out and neither of the email addresses I have used will allow me access. What do I do about that?!

I have re-registered and didn't have any personal data on the site but did use different names to stop me being identified from my posts. I don't want anyone to make the connections.

Thank you for your honesty at 15.43 Justine. It does help.

Thanks for all the feedback on the nickname history list.
To the best of our knowledge, there is no link between how your nickname list looks and the login issue that affected 44 accounts.

After people raised the issue, we released a software change on Friday to simplify the list, which should account for any changes you’ve seen. This took out some duplicates, but not all.

Having looked at it again this morning, we agree that having any repeats of nicknames is unclear. We are releasing a further change to the software that should make the list a simple summary of known nicknames associated with your account. We will add this info to the FAQs page.

We notice some users are reporting seeing nicknames they don’t believe they have used before. In these cases, please email [email protected] and tell us which username is wrong, along with a screenshot, and we will look into this as a priority.

Thanks Nellmumsnet my list is now back to its former state.

I guess you already know tat you need to report this to the ICO and also possibly CISP will need to know. Do not ignore either of these - and serious breaches can incur fines of globa turnover - and you dont want that.

Hello, we have investigated and now have an answer to the password questions posted by @Latinfortelly @tavannach @AwdBovril @BBInGinDrinking @MattFreisWeatherReport.

This issue turns out to have been a separate problem — it is not related to the breach. We have just released a software change to fix it.

In a previous upgrade, we made changes to the Account settings page on mobile that meant you got a mistaken “You have been successful” message when you tried to change your password.

The password change has always worked properly on desktop browsers.
We have now implemented that functionality on mobile.

Thank you for flagging the issue to us.

governess I guess you've not read the updates or received an email then?

NellMumsnet, thanks, I can also confirm my username list is now back to alphabetical - with no duplications (that I've noticed!). And, of course, nobody else's NNs have crept onto my list (they hadn't anyway). Much appreciated.

governess, if you check out the FAQs page, which NellMN linked to, MNHQ have stated that they reported themselves to the ICO on Thursday - see screenshot.

@Temporaryanonymity

I often get an email telling me that someone has mentioned me on a thread, but when I go there it isn't me. I thought it was a weird quirk but I am thinking it might not be now.

Thanks for flagging this, @Temporaryanonymity - we can see that a number of people have asked about it, both here on this thread and in emails to us.

The issue here is that when somebody partially @ mentions someone's username and that name matches with a real user's current or previous username, it will send that user a notification.

This isn't a bug and it's not related to the data breach in any way, but obviously it's causing some problems when the wrong user is notified.

To resolve this issue we have a proposed workaround which will mean that people can only send @ mentions to other people posting on the thread in question - we'll update you here as soon as this fix is released, but it should be within the next few days.

Long term we have a more sophisticated solution which will auto-suggest a username, but for now we hope this temporary workaround will help.

That's useful Joannemumsnet ! Both!

Thanks @NellMumsnet but I'm not using a mobile. I'll try it again later though.

@JoanneMumsnet - that workaround would then make it impossible to point someone to a specific thread.

Especially given that it's impossible to generate a link from the app (unless you go through a complicated process of emailing it to yourself to then generate a link that you can copy & paste) so the easiest thing to do is "shout out" from the relevant thread via the @ user name .

@joannemumsnet

You have much bigger issues that worrying about posters who don't understand how tagging works, seriously don't waste your time on workarounds for grown adults who can't type a username properly, that can't possibly be anywhere near the top of your to-do list imo

@JoanneMumsnet ,I was just going to say what @prettybird has regarding @ function .
Also,would that mean we couldn't @ anyone at HQ if they've not commented?

Would it be possible to have something that gives users who've posted on thread as the first option? Like an autocorrect would ?Then we would have the option to ignore the prompt if need be & still @ whoever we want to point to the thread .

I also think its something that shouldn't take away from bigger issuesas its totally unrelated and is down to user error, not only that it removes functionality that others benefit from, like pointing to a thread (when dynamic linking doesn't work), but then that's a separate issue being able to post dynamic links, that actually is an ongoing issue.

I'm starting to wonder if the issue I had a few months ago was a pre curser to this one and that MNHQ should have taken it more seriously and looked deeper.