Mumsnet Suffers Data Breach After Botched Upgrade
Users of the popular parenting site found themselves accidentally logging in to strangers’ accounts after a forum software upgrade.
Mumsnet users were accidentally being logged into other users’ accounts due to a bug in a recent software update.
The glitch meant that for three days, if two users tried to log in at the same time, there was a chance that their accounts would be switched.
The switched users were able to post from the stranger’s account, read their private messages, view their post history, and view their account details. The company has stated that the accidental interloper would not have been able to see the user’s password, and would not have been able to change it.
On its site, Mumsnet stated that it is investigating the logs and hopes to know definitively very soon how many accounts were affected. Mumsnet has confirmed to DIGIT that, of the 4,000 accounts that were logged into during the three-day period when the bug was live, a total of 46 accounts were breached.
Mumsnet founder Justine Roberts apologised to users on the forum, saying: “You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes.
“We will also keep you informed about what is happening. We will of course be reporting this incident to the information commissioner.” The company confirmed to the Guardian that it had reported the incident to the ICO.
This is not the first time the parenting site has had to report itself to the ICO. In 2018, a disgruntled paid intern posted the IP addresses of forum users on Twitter in a dispute over transgender rights. However, the company said it believed the content had been published accidentally by the ex-employee.
In 2014, the site suffered a serious cyber attack which saw 1.5 million of its user accounts compromised by the “Heartbleed” bug. The site was also hacked in 2015 by a teenage schoolboy, David Buchanan, forcing the site to reset the passwords of 7.7 million members.