Parenting site Mumsnet hit by data breach

-

Parenting site Mumsnet hit by data breach


Mumsnet breach message



Parenting site Mumsnet has reported itself to the UK's data protection watchdog after an upgrade let some people see details of other accounts.
In a message placed on the site, it said the problem occurred between 5 and 7 February.
Accounts got mixed up if two users logged in at exactly the same time, said Mumsnet founder Justine Roberts.
A total of 46 users were breached, the site said, but no passwords are said to have been exposed.
"You've every right to expect your Mumsnet account to be secure and private," wrote Ms Roberts. "We are working urgently to discover exactly how this breach happened and to learn and improve our processes."
Some of those affected sounded the alarm to Mumsnet early on 7 February that they could view other accounts.
Those affected would have been able to see information including:
  • email address
  • account details
  • posting history
  • personal messages
Mumsnet said it had now reversed the software update that caused the issue. It has also forced all users to log out so anyone still lurking in another user's account would be removed from it.
The ICO said it had received the report from Mumsnet and would be looking into the incident.
Presentational grey line

Analysis by technology reporter Zoe Kleinman

Mumsnet tends to make the headlines for light-hearted reasons.
Often it is a result of some of the more bizarre issues raised by members of the parenting site on its chat forums (the "penis beaker" is the stuff of legend, look it up) and the head-scratching acronyms such as AIBU (am I being unreasonable), DC (darling children) and LTB (leave the… you can guess the rest).
However, it is also for some women the first platform they turn to for help and advice on a number of deeply personal issues: intimacy, abuse, domestic violence, miscarriage, adultery, loneliness, their children's special needs.
They worry about being identifiable to fellow "mumsnetters" who may know them in real life, and even their partners stumbling across their posts. The trust they put in Mumsnet to protect their privacy - and perhaps as a result their safety - is considerable.
The idea of writing these posts or private messages while accidentally being logged on as someone else is genuinely concerning and while it's a relief that it does not appear to have affected many people, the disclosure will be worrying for some.

Comments

Post a Comment

Popular posts from this blog

These Are the Countries With the Best and Worst Cybersecurity

-
Image
Cybersecurity is a growing concern among governments, businesses  and  individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford  identified 57 different impacts  that cyber incidents can have. They ranged from regulatory fines to depression to damaged relationships with customers. According to a report by Cisco,  more than half of organizations  face public scrutiny after a cyberattack and 22 percent lose customers. Like with any threat, some countries are better at dealing with cyberattacks than others.  A recent study from technology research company Comparitech  looked at cybersecurity around the world and scored 60 countries on their cybersecurity practices. The study found significant differences in how well nations are protecting themselves. The results revealed that every country had room for improvement, however. The Study’s Methodology The study looked at seven criteria, giving e
Read more

New Expectations for Mastering Data with Machine Learning

-
Image
New Expectations for Mastering Data with Machine Learning Despite improvements in technology, implementation of master data management (MDM) solutions have long been a known pain for many organizations pushing to improve data quality and competency. The source of this pain is often due to the fact that traditional MDM solutions solve the data mastering problem using deterministic, rule-based approaches that do not easily accommodate nor scale for the increasing flow of messy, diverse data coming from disparate data systems. Faster technology has not been able to remove this pain, but it can be relieved with a fresh approach to MDM. In previous blog posts, my colleagues have examined in detail this new approach while explaining the need for organizations to adopt an  agile approach to the data mastering problem , as well as why this approach is critical to an  organization’s digital transformation . Tamr’s API-driven, machine learning capability makes agile da
Read more

Cybaze-Yoroi ZLAB revealed interesting a hidden connection between the AZORult toolkit and specific Gootkit payload.

-
Image
Introduction In the last days, a huge attack campaign hit several organizations across the Italian cyberspace, as stated on bulletin  N020219  the attack waves tried to impersonate legit communication from a known Express Courier. However, a deeper analysis by  Cybaze -Yoroi ZLAB revealed interesting hidden aspects, spotting a connection between the  AZORult  toolkit and a particular  Gootkit payload. Technical analysis Stage 1 – The Attached Javascript Most of the infection attempts started with a particular email attachment: a compressed archive containing stealthy JavaScript code, most of the times able to avoid antivirus detection during the initial stages of the attack campaigns. Hash 12791e14ba82d36d434e7c7c0b81c7975ce802a430724f134b7e0cce5a7bb185 Threat malicious js Desc Obfuscated malicious JS. This download first component and keep communication with C2 server. Table 1:  Generic information about malicious js file This JS file is an obfuscated dropper wi
Read more