Parenting site Mumsnet suffers data breach following upgrade
| Users data exposed as breach allows members to view each other’s account information.
Mumsnet, the UK-based parenting website has reported a data breach to the Information Commissioner’s office (ICO).
Apparently, the breach allowed dozens of users to view each other’s account information.
Mumsnet is a website for parents in the UK. It hosts discussion forums where users share advice and information on parenting and many other topics. Mumsnet also has a Bloggers Network with 5,000 registered bloggers and a network of 180 local sites run in partnership with local editors.
In a notice posted on its website, the company said that there was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February. A total of 46 users were affected, but no passwords are said to have been exposed.
The firm said:
During this time, any two users logging into their accounts at precisely the same time may have had their account info switched”
A bug in the software for a new user service released on Tuesday 5 February was the cause, Mumsnet said.
We reversed that change on the morning of Thursday 7 February. Since then there have been no further incidents.
In a message placed on the site, Mumsnet founder Justine Roberts said:
You’ve every right to expect your Mumsnet account to be secure and private, …We are working urgently to discover exactly how this breach happened and to learn and improve our processes.
Users data exposed
Some of those affected sounded the alarm to Mumsnet early on 7 February alerting users data exposed, meaning that they could view other accounts.
Those affected would have been able to see information including:
Mumsnet said it had now reversed the software update that caused the issue. It has also forced all users to log out so anyone still lurking in another user’s account would be removed from it.
The company tried to reassure its users that the data breach was not as wide spread as some media reports had suggested.
Contrary to some headlines we do NOT think ‘thousands’ of Mumsnet users are affected. We’re working on positively identifying those affected now but we think it will be much lower than headlines suggest.
The ICO said it had received the report from Mumsnet and would be looking into the incident.
Sources and credits: BBC News