News | Tech

Mumsnet hacked by Heartbleed bug, site's founder Justine Roberts says

 
p30 edition 30.05 Picture by Daniel Hambury.23/5/13.Justine Roberts, founder and chief executive of British website Mumsnet.
Martyn Landi
14 April 2014

Parenting tips website Mumsnet has been hacked as a result of the Heartbleed computer bug, the site's founder has announced.

In a statement, founder Justine Roberts said: "Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole. However, it became apparent that users' data submitted via our login page had been accessed prior to our applying this fix.

"As a result, we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites, particularly if they use the same password on Mumsnet as elsewhere."

The Heartbleed bug is a breach in the encryption used to mask the sensitive data passed between computers and servers when users are online.

The breach has put details such as credit card accounts and passwords at risk.

The flaw was discovered a week ago, having gone undetected for more than two years. Since then, major internet companies have been asking their users to reset passwords once a fix, or "patch", has been installed to the site in question.

Read More

Mumsnet, which has more than one million members in the UK, is the first company in Britain to announce data loss, and the announcement comes just two days after a post on the site's forum informed users that all passwords would be reset as a security measure.

Last week, blogging site Tumblr urged all users to change their passwords immediately to prevent personal and sensitive data being stolen.

The Institution of Engineering and Technology described the Heartbleed bug as a "serious software defect", while independent online security expert Bruce Schneier said "On a scale of one to 10, this is an 11", when news of the defect first appeared last week.

Mumsnet has vowed to keep users notified of any new information they receive.

Ms Roberts said: "The security of our users' data is of paramount importance to us. We collect very little of it, and we never pass or sell it on without people's explicit consents.

"Heartbleed has shown that nobody can offer a 100% guarantee of online security, but we'll continue to do our best to protect our users as much as we can, and be transparent about any breaches we find."

MORE ABOUT

Computers
Computer Virus And Malware
Internet
London
UK