Parenting website Mumsnet hit by data breach
Mumsnet, the London-based UK website dedicated to parents, said it has been hit by a data breach that allowed dozens of users to view each other's account information.
The company said it had reported itself to the UK’s data protection authority, the Information Commissioner’s Office.
In a notice posted on its website, the company said that there was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February.
“During this time, any two users logging into their accounts at precisely the same time may have had their account info switched”, it said.
The total number of users affected was 44.
A bug in the software for a new user service released on Tuesday 5 February was the cause, Mumsnet said. “We reversed that change on the morning of Thursday 7 February. Since then there have been no further incidents.”
The company said that those affected were able to see each other’s email addresses, account details, posting history and personal messages.
“They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.”
Mumsnet also tried to reassure users that the breach was not as wide spread as some media reports had suggested.
“Contrary to some headlines we do NOT think 'thousands' of Mumsnet users are affected. We're working on positively identifying those affected now but we think it will be much lower than headlines suggest.”
Mumsnet founder Justine Roberts told users: “You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes.”