Mumsnet, the UK’s popular website for parents to share advice and information, has suffered a data breach.
It happened between 2pm on Tuesday 5thand 9am on Thursday 2th February, with 4000 users logged in. Apparently, it was caused by a glitch in a software update.
This is what Mumsnet had to say:
What information could have been affected?
If someone other than you logs into your account, they can see your:
They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.
How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (i.e. also affected by a mismatched login), although we know for sure it wasn’t every account.Users have made us aware of 14 incidents and we have contacted the individuals that we know were affected. We are working hard to establish if there were more.
What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.
Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.
What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.
We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. Some of you will be very worried by the possibility that your account has been breached – please mail us on email@example.com if you’d like to discuss your individual account details. This incident will be reported to the Information Commissioner.
[Source: Mumsnet ]
Passwords were safe as they are encrypted. The update has been reversed with no more problems.
MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.