Mumsnet admits users' emails and passwords accessed via Heartbleed bug

Mumsnet has admitted the 'Heartbleed bug' had been used to access data from its users' accounts in an attack that has exposed members' usernames, emails and passwords.

Heartbleed: affects Mumsnet members

The Heartbleed bug affects websites running SSL encryption. It exposes the private information entered by users into websites, applications, web email and instant messages.

A patch for the bug was announced on Monday 9 April. Mumsnet has admitted it became certain it had fallen victim to a hack when someone used the username of founder Justine Roberts to post on the site on Friday (11 April).

Mumsnet claims it became "aware of the bug" on Thursday and ran tests to detect whether its servers were vulnerable. It then "applied the fix to close the OpenSSL security hole".

Roberts points out that the hacker could have accessed the site's data before the patch for the bug was released, but believes it is most likely they would have accessed the data between Monday and Wednesday.

However, it emerged that users’ data was accessed before the fix was complete and as a result the site asked all its users to change their passwords over the weekend. The old passwords will no longer work.

In an email, Mumsnet addressed some users' concerns. It said: "You say they accessed Mumsnet users’ data: did they access data from my personal account?

"We have no way of knowing which Mumsnetters were affected by this. The worst case scenario is that the data of every Mumsnet user account was accessed. That’s why we’ve required every user to reset their password.

"What data did they see? The bug allowed access to the information submitted via the login page. So that includes your username or email plus your password.

"It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone’s account being used for anything other than to flag up the security breach, thus far."
