Mumsnet admits users' emails and passwords accessed via Heartbleed bug

Mumsnet has admitted the 'Heartbleed bug' had been used to access data from its users' accounts in an attack that has exposed members' usernames, emails and passwords.

Heartbleed: affects Mumsnet members
Heartbleed: affects Mumsnet members

The Heartbleed bug affects websites running SSL encryption. It exposes the private information entered by users into websites, applications, web email and instant messages.

A patch for the bug was announced on Monday 9 April and Mumsnet has admitted it became certain it had fallen victim to a hack when someone used the username of founder Justine Roberts to post on the site on Friday (11 April).

Mumsnet claims it became "aware of the bug" on Thursday and ran tests to detect whether its servers were vulnerable. It then "applied the fix to close the OpenSSL security hole".

Roberts points out that the hacker could have accessed the site's data before the patch for the bug was released, but believes it is most likely they would have accessed the data between Monday and Wednesday.

However, it emerged that users’ data was accessed before the fix was complete and as a result the site asked all its users to change their passwords over the weekend. The old passwords will no longer work.

In an email, Mumsnet addressed some users' concerns. It said: "You say they accessed Mumsnet users’ data: did they access data from my personal account?

"We have no way of knowing which Mumsnetters were affected by this. The worst case scenario is that the data of every Mumsnet user account was accessed. That’s why we’ve required every user to reset their password.

"What data did they see? The bug allowed access to the information submitted via the login page. So that includes your username or email plus your password.

"It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone’s account being used for anything other than to flag up the security breach, thus far."

Cannes Offer: 12 weeks' online access from just £12

Subscribe to Campaign before the end of Cannes Lions and save up to 71%

SUBSCRIBE

Looking for a new job?

Get the latest creative jobs in advertising, media, marketing and digital delivered directly to your inbox each day.

Create an Alert Now
Share

1 Publicis Groupe withdraws from marketing and awards to focus on AI-powered platform Marcel

Publicis Groupe is pulling out of all marketing activity for the next 365 days - and won't be entering awards at Cannes next year - as it focuses its resources on developing Marcel, described by chief executive Arthur Sadoun as a ground breaking new platform.

Job description: Digital marketing executive
Shares0
Share

1 Job description: Digital marketing executive

Digital marketing executives oversee the online marketing strategy for their organisation. They plan and execute digital (including email) marketing campaigns and design, maintain and supply content for the organisation's website(s).

Just published

More