Accessibility options

Mumsnet hacked by Heartbleed bug

Technology news

Mumsnet hacked by Heartbleed bug
Mumsnet founder Justine Roberts has said the parenting tips website has been hacked as a result of the Heartbleed computer bug

Published: 7:21pm, 14th April 2014
Updated: 2:05pm, 17th April 2014

UK-based parenting tips website Mumsnet has been hacked as a result of the Heartbleed computer bug, the site's founder has announced.

In a statement, founder Justine Roberts said: "Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole. However, it became apparent that users' data submitted via our login page had been accessed prior to our applying this fix.

"As a result, we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites, particularly if they use the same password on Mumsnet as elsewhere."

The Heartbleed bug is a breach in the encryption used to mask the sensitive data passed between computers and servers when users are online.

The breach has put details such as credit card accounts and passwords at risk.

The flaw was discovered a week ago, having gone undetected for more than two years. Since then, major internet companies have been asking their users to reset passwords once a fix, or "patch", has been installed to the site in question.

Mumsnet, which has more than one million members in the UK, is the first company in Britain to announce data loss, and the announcement comes just two days after a post on the site's forum informed users that all passwords would be reset as a security measure.

Last week, blogging site Tumblr urged all users to change their passwords immediately to prevent personal and sensitive data being stolen.

The Institution of Engineering and Technology described the Heartbleed bug as a "serious software defect", while independent online security expert Bruce Schneier said "On a scale of one to 10, this is an 11", when news of the defect first appeared last week.

Mumsnet has vowed to keep users notified of any new information they receive.

Ms Roberts said: "The security of our users' data is of paramount importance to us. We collect very little of it, and we never pass or sell it on without people's explicit consents.

"Heartbleed has shown that nobody can offer a 100% guarantee of online security, but we'll continue to do our best to protect our users as much as we can, and be transparent about any breaches we find."

Speaking on Channel 4 News, Ms Roberts said: "We have no evidence to suggest any of the data collected has been used maliciously.

"In fact, the hackers themselves brought it to our attention that they exploited the Heartbleed flaw before we put a fix in when it was publicised as a weakness last week."

She said they did not contemplate shutting down Mumsnet, adding: " I suspect over time you'll see many more sites have had the same issue but perhaps haven't been quite so quick to come out with it."

Advertisement starts


Advertisement ends

Travel offers

Add Add
Incredible Iceland break with a Northern Lights tour
Austrian Alps ski break
5* Spanish wine holiday
Inn on the Lake
Spectacular South Africa tour
The Old Swan
The Rubens At The Palace
Copthorne Tara Hotel London Kensington
Thailand city
Soar Mill Cove

Secret EscapesJoin now for Free

Save up to 70% on luxury hotels and holidays

Halifax credit card

Halifax Credit Card

0% for up to 20 months on purchases

Start your solar journey today

Start your solar journey today

Earn up to £14,000 and help the environment with solar panels in 2014

Skip NHS queues

Skip NHS queues

Protect you and your family with Private Health Insurance. Find the right policy for you.

Deal or No Deal Instant Win

Deal or No Deal Instant Win

It’s just like stepping into the studio of your favourite TV game show. Try demo and see!

Advertisement starts


Advertisement ends