Up to 1.5m Mumsnet members hit by Heartbleed bug
Parenting forum Mumsnet has warned all 1.5m members that their accounts may have been compromised by the so-called Heartbleed bug – including Justine Roberts, the site’s own co-founder, whose username and password were amongst those stolen.
Roberts conceded that there was no way of knowing how many of its 1.5m registered users were affected and instead called on all users to update their passwords as a precaution.
Roberts said: "Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it became apparent that users’ data submitted via our login page had been accessed prior to our applying this fix. As a result we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites particularly if they use the same password on Mumsnet as elsewhere.
"The security of our users' data is of paramount importance to us; we collect very little of it, and we never pass or sell it on to without people's explicit consent. Heartbleed has shown that nobody can offer a 100% guarantee of online security, but we'll continue to do our best to protect our users as much as we can, and be transparent about any breaches we find.”
Heartbleed was first identified last week and takes the form of vulnerability in the open source code used by thousands of websites, including Mumsnet, which offers hackers back door access to restricted information.
Amongst those sites to report security breaches arising from the coding flaw are the Canadian tax agency, OKCupid, Eventbrite and the FBI’s website.