Did something actually happen on Sunday night?

[woodenbatandball]

I was reading a post that said the site was infiltrated with child abuse images on Sunday under some kind of attack.
Lots of people hadn't been online to see this but some said they did. The thread was then deleted and there has been no explanation. And the media is silent about it. Can anyone confirm if this actually happened and if it did, why aren't Mumsnet commenting? All seems badly handled for Mumsnet not to comment either way.

They have commented on it on a thread in Site Stuff. It has been reported to the relevant authorities.

But this is HUGE. I think it's highly irresponsible to just keep deleting threads about this without commenting or signposting. They need to release an official statement. It puts everyone on this site in a vulnerable situation. What are they doing to rectify the problem.

Uploading photos has been disabled

They’re deleting threads to keep everything together which makes sense. If you find the thread on site stuff (title is about the night watch) you’ll see what mnhq have said about it all.

I saw them and I'm sick to death of people who didn't see them starting thread after thread about it. As if it wasn't horrific enough for those who suffered but to be constantly reminded. Just stop. Please.

The thread discussing it has statements from MNHQ and is right next to this one in site stuff. Not sure why you started a separate thread!

There's a long thread about this already on Site Stuff with updates from MNHQ.

https://www.mumsnet.com/talk/site_stuff/5266690-its-time-to-rethink-the-night-watch-volunteer-system

No need for another thread.

@LastNightMyPJsSavedMyLife whilst I appreciate your situation. I think those two f us who didn't see them should expect some formal statement clarity from Mumsnet. Online safety is massively important and this feels more damage limitation from Mumsnet than trying to protect any of us. If someone can spam the account with horrific child abuse images what else can they do, access our personal details?

@foxandbee where is it? If Mumsnet actually made it obvious and had highlighted it on their homepage there wouldn't be so many threads. This isn't just someone spamming swear words.

@Futurename unless I'm a mind reader how the hell would I know this thread refers to class a child abuse images that were plastered all over the site

And I still can't find the official comment from Mumsnet. If anyone can signpost it to me. Pretty disgusted that they have tried to bury this blatant security breach.

To be fair, it's far from obvious from that thread title what it refers to. If I hadn't been online the morning after and clicked on one of the deleted threads with more obvious titles I wouldn't realise that that's the thread with the answer to the OP's question.

I do think that MNHQ should have also posted a locked pinned thread on site stuff titled something obvious like
"MNHQ response to the shocking posts on Sunday night and temporary removal of image posting"

I get the anger. But why are you suggesting it's a security breach? There isn't a suggestion that user details were compromised. Someone/several people/a spambot posted foul criminal images to threads.

It wasn't a security breach though was it - posting photos is/was allowed.

I agree with you. A response from MN in a Site Stuff thread about the night watch system, which most of us wouldn't read, isn't enough. It isn't a proper announcement.

I didn't know that they'd disabled uploading photos. I still haven't seen any post from MN saying they've done that, only thread replies from MNers saying it. I might well have tried to upload something to a completely innocuous topic like gardening, and wondered whether there was some fault with the site. So I could have inadvertently started another thread about this issue.

Thank you @UnstableEquilibrium really appreciate it. Feel like I'm going mad.

And if being able to post horrific images of child abuse isn't a security breach I don't know what is. Especially if it is a SPAM bot. The fact that Mumsnet are deleting perfectly reasonable threads talking about this (when they let the majority of 'repeated' threads stay up suggests they want to bury this and hope it goes away, which in hand suggests they don't want anyone to find out about it because it will affect their advertising revenue. I think it's a piss poor PR job and if they don't release a more prominent statement really shows how much Mumsnet actually cares about its customers.

There are numerous spam posts today. Even without posting pictures, with new registrations obviously being open, still very easy to post whatever someon intends to post. Just change format from a pic. So I would strongly discount clicking any links including legit looking ones

@FictionalCharacter thanks for your measured reply. It's insanity.
I've worked in content before and their handling of it is appalling.
I read one perfectly reasonable thread about the topic last night and they deleted it without any explanation. It made me confused to think if anything had actually happened and I'm genuinely none the wiser. Mumsnet please treat your members with a bit more respect and respond officially in a visible place.

Weirdly this feels like you've missed some gossip and are feeling left out.

If you are actually angry and disgusted with mumsnet handling's of the situation may I suggest you delete the app and log out?

Instead of digging for media stories and reports from other posters.

It's not the breach in the way you think it is though. Think of it as plastering lots of posters on the outside of a bank vs breaching the bank. Scary yes but unlikely to be a risk to your data inside

It's fairly easy to create multiple accounts, and post anything (hence there is spam about all sorts of things at times with multiple crypto coin, scam hair dryer threads popping up), even for someone with zero tech know how.

Last week I could have set up 60 accounts and started spamming with pictures of my dog. It would of taken a while for it to be noticed that multiple threads and comment replies under different usernames were duplicate. I wouldn't have access to anyone's personal data and would have the same account access as everyone else.

This then for professional spammers they do this automatically, simply by having a computer auto generate account info, and posts (no different to when a computer auto fills a form for you or helps randomise your password)

This happens with all websites with co ordinated spam attacks. The tricky thing is that I don't believe that the night watch here have many powers to look at blocking site wide functions, or identifying ip addresses etc. Lots of sites also only allow posters to create a certain amount of activity in a short period, and prevent new accounts from posting photos.

On a site I used to admin, I could turn on controls to limit how often someone can reply, add new keywords to prevent posts with those words from auto publishing etc. I'm not sure night watch have that

Obviously the imagery is completely horrendous and it's right that some sort of statement Is made, police involved etc and longer term review of site safety but the idea the personal data on the site has been breached is likely incorrect

People don’t need to keep bringing it up all the time. It wasn’t a spam bot it was a disgusting individual who decided to post pictures. It’s been dealt with and that’s the end. Frankly if you don’t like the way it’s been handled then leave . You’re acting as it’s the end of the world , it’s not and it was easily remedied.

I think what people are saying is that the idea of your personal data being at risk is unlikely
There is no evidence atm that they were doing anything outside of something a normal account could do. It's right that's reviewed but it's unlikely to be a security threat

I've no idea why my other post was hidden but the best thing is they sort it with police rather than allow mass speculation

It might also generate a review of who can post pictures, how many and how the site is managed overnight

Well, yeah. Mine was one of many emails addresses and passwords released by a hacker a few years ago.
I now use an email address for this website that I never ever access, so I miss replies to reported threads, etc.
Do you have other personal information on your profile other than email and password?