21ST CENTURY MOTHER’S MEETING Mumsnet has reported itself to the Information Commissioner’s Office (ICO) after a security boob enabled users to log in to other users’ accounts.
The breach followed a software upgrade that meant that when two users logged in at the same time there was a chance that their log-ins would be switched. That meant an affected user could not only post to Mumsnet forums under the other user’s name, but also view that user’s account details and read their private messages.
The glitch ran for three days this week, from Tuesday to Thursday, and the website claims that 4,000 users were logged on during that time and that 14 users reported problems. Passwords were not exposed in the breach, the organisation claims.
Mumsnet founder Justine Roberts admitted the breach in a post to users: “You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes.
“You do not need to do anything. We have reversed the change that caused the problem. We are investigating which accounts have been affected – we don’t think it’s many and we will contact you if we think it is yours.
“We will also keep you informed about what is happening. We will of course be reporting this incident to the information commissioner.”
The site has reversed the software upgrade and forced a log out of users to prevent any further accounts from being compromised.
The site was last involved in a serious data breach in 2014, when an attacker took advantage of the Heartbleed OpenSSL security flaw to compromise a number of Mumsnet’s 1.5 million accounts. µ
Source: Inquirer