Mumsnet Data Breach - FAQs

28 replies

JustineMumsnet · 08/02/2019 11:49

As lots of the same queries re the data breach are reappearing we've made an FAQs page. Do let us know if there's anything important we've left off. We'll keep updating this document as soon as we have any further info. Thanks.

EDITED BY MNHQ AT 17.15 ON FEBRUARY 8: We're now as sure as we can be that the total number of accounts affected by this breach was 46. We will be contacting these users within the next hour or so.

JustineMumsnet · 08/02/2019 11:57

@SparklyUnicornShite

Justine Mumsnet would it be a good idea to sticky this?

Yes we are doing so. Thanks

NellMumsnet · 08/02/2019 13:24

Thanks for telling us about the duplicate nicknames. We're working really hard to understand the issue and whether or not it's related to the breach. We'll post an explanation as soon as we can.

NellMumsnet · 08/02/2019 13:43

Here's an explanation of the duplicate nicknames, and we will add it to the FAQs:
If you have ever gone back to a nickname after using another nickname, it may appear twice in your list of usernames. This is how the site currently works, and is not related to the software released on Tuesday. It is not related to the breach.
If we have time, we will update this, so that in future you get a simple list of nicknames that you have used, with no duplicates.
Thanks again for letting us know about things that are worrying you.

JustineMumsnet · 08/02/2019 17:25

Update: We've now determined that the total number of accounts affected by this breach was 46. We will be contacting those users that we haven't already advised within the next hour. Thanks

LilyMumsnet · 08/02/2019 18:02

@LatinforTelly

Hi, wasn't sure whether to post on this or the other thread. I appreciate you must have a load of questions coming your way, but just to let you know I was forced to sign back in yesterday (all good) and changed my password and then didn't go on mumsnet til right at the end of the day when (on another device) I was still logged out.

Came to sign back in today and it only accepted my OLD password! Why is this? Is it safe to create a new password now?

(I access mumsnet either on my laptop, chrome, or phone, samsung internet, never the app)

I also haven't had an email but I suppose you are still working your way through?

Many thanks.

Hello,

We're going to look into this - thank you for flagging. Flowers

LilyMumsnet · 08/02/2019 18:06

@toodlepipp

The incident seems to have deleted my usual account completely! I had to re register which I have done using my email address which should have said already in use! Also I am still unable to login via the iphone app, even after changing password and deleting/reinstalling app etc

We're contacting you off the boards, can you keep an eye out for an email?

LilyMumsnet · 08/02/2019 18:14

@wallywobble

I have not been able to login into the app using FB and my usual login. Lost password emails are also not arriving for that account. At no point have I received the data breach email.

I can only login using another (this) account and a similar username.

Hello,

Can you mail us at [email protected] with your device and browser? We'll make sure that this is investigated. (Can we just check, is this the android app?)

LilyMumsnet · 08/02/2019 18:21

@NeleusTheStatue

Er..., just noticed an unfamiliar username on my username history... It's not mine... What does it mean? I haven't received any email from MN so I thought mine hadn't been affected. But, having a username that doesn't belong to me on the list means my account has been compromised?

We're going to contact you now - could you keep an eye out for an email?

LilyMumsnet · 08/02/2019 18:27

@OhDearGodLookAtThisMess

I'm back in on my phone, but have been shut out of my account on my laptop. Whenever I try to log in, it accepts my email address but freezes when I enter my (valid and current) password.

Any clues?

We're emailing you now to get more information.

LilyMumsnet · 08/02/2019 18:31

@wireswireswires

I was unable to log in to my account via any platform. Not received any of the reset emails either.

I've just had to make a new account.

Would you mind emailing us at [email protected] with information about your previous account? We're not too sure why you weren't able to access your original account but happy to investigate this for you.

LilyMumsnet · 08/02/2019 18:32

@Londonmummy66

Since this happened I haven't been able to create a bookmark on any threads - a bit annoying when one I'm lurking on is the stolen woodlands - why has this happened and is there a way around it?

Can we ask what device and browser you're using?

LilyMumsnet · 08/02/2019 18:44

@WordInYourShellLike

No idea if this is related to the data breach (which I don't think I was affected by, as far as I know) but it's driving me mad! Every time I click on a link, go to a new page, or refresh, a box appears, covering half of the screen, asking for cookies permission. Says it's 'powered by Quantcast'. Every time I click accept then back it is again. Please can you sort this out? Included a screenshot that hasn't come out very well but you can see what it looks like. There is a short thread about this in Site Stuff HERE

Hi WordInYourShellLike

Thanks for raising this. We're pretty sure that this is an unrelated issue to the data breach so we'll investigate over on the other thread (I'll post on it now).

LilyMumsnet · 08/02/2019 19:17

@PennyHasNoSurname

MNHQ. Please can you arrange for all accounts I hold linked to My IP address to be closed with immediate effect?

Thanks.

Hello, please email us at [email protected] and we will assist with your request. Flowers

LilyMumsnet · 08/02/2019 22:36

@HaudYerWheeshtYaWeeBellend

I asked this on the other thread.

Yes, sorry, we've only sent mails to those accounts we know for sure were breached. Not to those who were able to log in as someone else yet. It's on our list to do first thing. Name changes shouldn't affect this

I thought the breach was that you were able to log into someone else's account and those individuals had been emailed/PM'd?

Surely you must understand the switched accounts are also breached.

The above post is contradictory and therefore many users are confused. I understand investigations are proceeding, however surely you can see the confusion here?

Hello,

Apologies for any confusion here. We have emailed users who were accidentally logged into an account that wasn't their own.

NellMumsnet · 09/02/2019 09:05

Hello,
Hope we can clarify, now that we have more information about what happened.

This is what happened after the software release on Tuesday:
When two people log in at the same time, there is a very small delay between them (milliseconds), and the first person to log in (user A) was sometimes given the account of the second user (user B).
User B logged into their own account as normal; they were not given user A’s account.
This happened on 46 occasions before we reversed the software and logged everyone out.
As soon as we identified all user Bs, we emailed them directly to explain that their account had been breached.
We have also emailed user As to let them know they were accidentally logged in to someone else's account.

On Thursday we also sent an email to ALL users to tell them about the issue. It is taking time to get this email delivered to all accounts as there are around a million.
We used wording like “last night” and “this morning” in the email — this was a mistake, as we expected the emails to go faster. We'll change it for the ones still to go out.

We will also put this information on the FAQs page and the original Data Breach thread.

NellMumsnet · 09/02/2019 10:48

Hello, apologies to those who have not yet received the general email telling users about the breach.
They are going out in batches still (one issue is that if we send them too fast, there's a possibility they’ll be viewed by some recipient servers as an attack or spam).
We will be updating the information going out in the general email -- in line with the FAQs page.
We have identified the affected users and already contacted them directly.

YetAnotherBeckyMumsnet · 09/02/2019 16:29

@rocketromano

Does anyone know if I delete my account and then re-reg with same email will that mean my previous nicknames etc will no longer be accessible/visible.

Your previous usernames will no longer be associated with your email address once you deregister. Do drop us a line at [email protected] if there's anything we can do to help.

YetAnotherBeckyMumsnet · 09/02/2019 17:44

@HaventGotAllDay we're not ignoring you! Sorry for the delay - we've just sent you a mail about your account.

YetAnotherBeckyMumsnet · 09/02/2019 17:47

@WhatTheNightBrings

@YetAnotherBeckyMumsnet

Is anyone checking thread reports today?

Yes we're looking at and responding to all reports as usual. We've quite a substantial number to get through, however, and so it may take longer than usual to hear back from us.

LilyMumsnet · 10/02/2019 15:42

@MrsSchadenfreude

I've managed to log back in via Safari, but can't do so using Google Chrome.

Hello, we're aware of an issue with Chrome at the moment - we're doing our best to resolve it. Apologies for any inconvenience!

JustineMumsnet · 10/02/2019 15:43

@CoteDAzur

@JustineMumsnet Have you considered the possibility that someone in your IT team might be sabotaging the system from the inside?

The frequency and frankly shocking level of IT "mistakes" that have happened on here over the years makes me doubt the prevailing assumption that the incompetence of your technical staff is to blame, especially if you really have "12 full time developers" and spend "around £1m per annum on our Tech, product and data teams combined".

Hi CoteD,
I'm completely sure no one is sabotaging us from the inside, yes. We have for sure had several nasty IT incidents over the last few years but I'd argue they are quite distinct and unrelated.

The first major issue was around the Heartbleed bug in a widely used piece of software. Many many organisations used this software and were vulnerable because of it - the difference was we went public and forced a password update while others kept schtum.

Then there was the "Jeffrey hack" - which included multiple denial of service attacks when our servers were swamped, a phishing attack to gain access to people's passwords as well as the swatting and bomb threat stuff. This was organised on a board frequented by misogynists who wanted to teach Mumsnet/Mumsnetters a lesson. Our firewall and internal systems definitely weren't as good as they could be (and led us to invest more heavily in security for sure) but the point is we do tend to attract more than our "fair share" of attacks (we are subject to denial of service attacks most weeks) in my view because we're a female dominated platform.

Then there was the pro-trans intern who inadvertently copied a user IP address and published it when she was highlighting what she felt were anti-trans voices on Mumsnet. Again our procedures weren't perfect and we've looked carefully at how to improve them but they were far from unusual and the ICO were satisfied that we hadn't been negligent here and no fine was imposed. Unlike many organisations we've never shied away from hosting controversial debates and contrary opinions - it would of course be much easier (and more profitable) to shut those conversations down as many others have done and we'd court far fewer angry responses but we believe passionately in free speech and the power of discourse to help people see other points of view.

This most recent incident was, without doubt, our technical error. We released code that had a flaw and we need to do better. What I would say is that concurrence is one of the things that is hardest to test for, which is why it didn't manifest in our systems testing, but there's no denying we messed up. We should have triple and quadruple checked the code for such an important service upgrade and not relied on testing to pick up a problem. We will most definitely learn from that.

It's also true that the Mumsnet platform isn't as good overall as it could be and we could have made some of these upgrades and invested a bit more in team and infrastructure a few years back when we started to turn a profit. That's my fault to be honest - I was a bit burned by all those early years of struggling to make any revenue from the site and seeing lots of other websites in our space overstretch themselves on costs and go under/ make layoffs - so in retrospect I was slower to invest than I should have been, which has meant quite a few niggles particularly when we've made any updates over the years. And I can only apologise to users for that.

We're absolutely committed to changing that going forward and to becoming a best in class community platform for our users but we're on a journey and it will take a bit of time.

I know this might all sound a bit defensive but I wanted to try to add a bit of an alternative perspective because, well, I think sometimes our tech team are a bit unfairly criticised. I'm not in any way though suggesting we haven't made errors which have understandably led to concern and for which I am very sorry.
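
The login race NellMumsnet describes above, and JustineMumsnet's point that concurrency rarely shows up in ordinary testing, as an added example that is not Mumsnet's code. It assumes, purely for illustration, that the authenticated identity was held in state shared between requests (the thread does not say what the actual cause was) and shows a test that forces the overlap deterministically; all class and function names are hypothetical.

```python
import threading

class VulnerableLogin:
    """ASSUMED bug pattern: the authenticated user lives on the shared handler."""
    def __init__(self):
        self.current_user = None      # shared by every request thread
        self.sessions = {}            # session token -> account

    def login(self, user, token, pause):
        self.current_user = user      # step 1: credentials accepted
        pause()                       # a few milliseconds of other work
        self.sessions[token] = self.current_user   # step 2: reads shared state

class FixedLogin:
    """Same flow, but the identity stays in a variable local to the request."""
    def __init__(self):
        self.sessions = {}

    def login(self, user, token, pause):
        authenticated = user
        pause()
        self.sessions[token] = authenticated

def overlapping_logins(service):
    """Force user A's login to overlap user B's; return token -> account."""
    a_started, b_started = threading.Event(), threading.Event()
    def pause_a():
        a_started.set()               # A has passed step 1
        b_started.wait(timeout=2)     # A stalls until B has passed step 1
    def run_b():
        a_started.wait(timeout=2)     # B logs in just after A
        service.login("user_b", "token_b", b_started.set)
    threads = [threading.Thread(target=service.login,
                                args=("user_a", "token_a", pause_a)),
               threading.Thread(target=run_b)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return dict(service.sessions)

def misbound(sessions):
    """Tokens bound to an account other than the one that logged in."""
    expected = {"token_a": "user_a", "token_b": "user_b"}   # constructed sample
    return sorted(t for t, acct in sessions.items() if acct != expected[t])

if __name__ == "__main__":
    print(misbound(overlapping_logins(VulnerableLogin())))   # A's token is misbound
    print(misbound(overlapping_logins(FixedLogin())))        # nothing misbound
```

Run sequentially, both classes behave identically, which is why a test suite without forced interleaving passes the flawed version.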

LilyMumsnet · 10/02/2019 15:47

@BBInGinDrinking

Have I missed the answer to why password changes haven't been working, MNHQ? Change password, Settings says successfully, but then only the old password works to log in? I mentioned this a while ago on the data breach threads, and I see others have too.

Also, why isn't the Preview button working? Again, others have posted about this.

I have noticed too that threads I have read, which would previously have been highlighted as read, are now sometimes not.

And overnight I kept being repeatedly knocked off the site, (not logged out though), as if MN kept crashing or something. Odd.

Answers on a postcard - or a message in a Gin - to all that please? Wink

Hello!

We're doing our best to investigate the technical issues (sorry for the lack of answers thus far) - can you report your post to us so that we can take a look?

JustineMumsnet · 10/02/2019 15:57

@LynetteScavo

Your previous usernames will no longer be associated with your email address once you deregister

@JustineMumsnet
@YetAnotherBeckyMumsnet

Does this mean if I deregister my user names will be up for grabs?

Honestly, this is so crap, after 11 years I'm not sure I want to be registered any more. I need to know the answer to the above question. Sad

No it doesn't mean that Lynette - if you deregister no one can use your usernames. They remain in our system just not associated with any data.

JustineMumsnet · 10/02/2019 21:39

@WatcherOfTheNight

I'm sure I heard a request over the last few days @JustineMumsnet?

Thank you!

EstherMumsnet · 10/02/2019 23:01

Thank you (and apologies) to all those reporting username problems. If you could email [email protected] to let us know then we'll be able to ask our tech team to look at each specific case.
