Belfast Telegraph

Thursday 18 September 2014

Mumsnet hacked by Heartbleed bug

Mumsnet founder Justine Roberts has said the parenting tips website has been hacked as a result of the Heartbleed computer bug

UK-based parenting tips website Mumsnet has been hacked as a result of the Heartbleed computer bug, the site's founder has announced.

In a statement, founder Justine Roberts said: "Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole. However, it became apparent that users' data submitted via our login page had been accessed prior to our applying this fix.

"As a result, we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites, particularly if they use the same password on Mumsnet as elsewhere."

The Heartbleed bug is a breach in the encryption used to mask the sensitive data passed between computers and servers when users are online.

The breach has put details such as credit card accounts and passwords at risk.

The flaw was discovered a week ago, having gone undetected for more than two years. Since then, major internet companies have been asking their users to reset passwords once a fix, or "patch", has been installed to the site in question.

Mumsnet, which has more than one million members in the UK, is the first company in Britain to announce data loss, and the announcement comes just two days after a post on the site's forum informed users that all passwords would be reset as a security measure.

Last week, blogging site Tumblr urged all users to change their passwords immediately to prevent personal and sensitive data being stolen.

The Institution of Engineering and Technology described the Heartbleed bug as a "serious software defect", while independent online security expert Bruce Schneier said "On a scale of one to 10, this is an 11", when news of the defect first appeared last week.

Mumsnet has vowed to keep users notified of any new information they receive.

Ms Roberts said: "The security of our users' data is of paramount importance to us. We collect very little of it, and we never pass or sell it on without people's explicit consents.

"Heartbleed has shown that nobody can offer a 100% guarantee of online security, but we'll continue to do our best to protect our users as much as we can, and be transparent about any breaches we find."

Speaking on Channel 4 News, Ms Roberts said: "We have no evidence to suggest any of the data collected has been used maliciously.

"In fact, the hackers themselves brought it to our attention that they exploited the Heartbleed flaw before we put a fix in when it was publicised as a weakness last week."

She said they did not contemplate shutting down Mumsnet, adding: " I suspect over time you'll see many more sites have had the same issue but perhaps haven't been quite so quick to come out with it."

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting? customercare@belfasttelegraph.co.uk

Latest News

Latest Sport

Latest Showbiz