back to article Mumsnet data leak: Moaning parents could see other users' privates after cloud migration

Parent gabfest platform Mumsnet has reported a data security breach that it claimed happened amid a "software change" en route to migrating services to the cloud. Justine Roberts, founder and CEO at Mumsnet, today told users: "We're very sorry to say that we've become aware of a data breach which affected some Mumsnet user …

  1. Anonymous Coward
    Anonymous Coward

    Mumsnet penetrated

    Surely El Reg missed an opportunity on the headline !

    On a more serious note, weren't they already previously hacked ? Seems they didn't learn from that experience.

    1. FrankAlphaXII

      Re: Mumsnet penetrated

      I know they had an issue with Heartbleed, but I'm not sure anyone actually exploited it. To be fair, its a forum for middle age (mostly) women to whine about everything wrong with society and those damned kids, its not quite a financial institution or communications provider.

      1. FrogsAndChips Silver badge

        Re: not quite a financial institution or communications provider.

        But their users are typically those that would reuse their passwords, so any credentials that were stolen during this breach could have been used to break into more sensitive services.

        1. Black Betty

          Re: not quite a financial institution or communications provider.

          Credentials apparently weren't exposed, just the data protected by those credentials. So no actual passwords for reused elsewhere. Worst case is the exposed data that might be used to narrow the search space for possible credentials for testing against other login portals. ie. combining names/initials with birth-date/years.

          Something I would really like to see is real world numbers on just how many average people are pwned through data breaches like this vs. top 100 password attacks on global user spaces. I strongly suspect that people who use even very simplistic password generation algorithms based on personal data/interests fare better than those who chose "clever" passwords like "drowssap".

          Simple truth is that unless someone has a good reason to target you personally, any non-trivial password is probably good enough. A six letter word with personal significance + any two digits is likely to be enormously stronger than a 1337speak variation of "Millenium Falcon" despite the search space being potentially a few million times smaller.

          Over the past few years we've seen a plethora of articles reporting on data breaches of so many millions of credentials, with the latest being some 700 million unique username/password credential pairs. So what does this really mean to the average person? The simple answer is, probably not a great deal, because unless you're Elon Musk or otherwise special in some specific way, you individually are not worth the effort of a targeted attack.

          The website Have I Been Pwned is a semi useful tool for determining if somewhere there exists a site that you've provided credentials to has ever been breached, but I think it would be far more useful to be able to simply enter a password and be told if ten or ten thousand others have had the same idea, regardless of site.

          1. mmd93ee

            Breached password search

            ‘..it would be far more useful to be able to simply enter a password and be told if ten or ten thousand others have had the same idea..’

            You can search the password database here: https://haveibeenpwned.com/Passwords

          2. FrogsAndChips Silver badge

            Re: not quite a financial institution or communications provider.

            Credentials apparently weren't exposed

            Not this time, but I was following up on a comment about the Heartbleed attack that hit them in 2014. Even the site's founder got her credentials publicly exposed.

          3. Anonymous Coward
            Anonymous Coward

            Re: not quite a financial institution or communications provider.

            Don't kid yourself. Anyone is worth being targeted.

            Being able to take over anyone's online ID is priceless for those who know how to take advantage of it.

      2. muhfugen

        Re: Mumsnet penetrated

        How are they not a communication provider, if all their customers do is whine about their lives on it? That is the very definition of communication provider.

        1. CountCadaver Silver badge

          Re: Mumsnet penetrated

          Or gibber about "patriarchy" "mansplaining" and such other well thought out gems

          They are all too ready to ban anyone disagreeing with the hive mind, yet have repeatedly allowed posts to stand advocating violence against all men.

          (anyone who doubts...google it )

          1. toxicdragon

            Re: Mumsnet penetrated

            Not to mention the three and a half million acronyms that, I admit without much digging, I cannot find definitions for.

            1. Anonymous Coward
              Anonymous Coward

              Re: Mumsnet penetrated

              Helpful tip - try Urban dictionary.

              ;)

    2. pop_corn

      Re: Mumsnet penetrated

      Hmmmm, is this dodgy reporting by theReg? I got the mumsnet email about this and it clearly says:

      > "How many people are affected? We're confident that number of users affected is 44 (2 accounts were breached twice, bringing the total occasions to 46). We have emailed these users directly. "

  2. WolfFan Silver badge

    You're slipping, El Reg

    This article just begged for a more... creative... title. And for, perhaps, a reference or two to Mrs. Slocombe or Lt. Gruber's little tank. Or something (anything!) from Benny Hill.

    1. Spoonsinger

      Re: You're slipping, El Reg

      You are right. I was totally milffed.

  3. Anonymous Coward
    Anonymous Coward

    Penis Beaker

    Sorry, that's all i think when Mumsnet gets mentioned.

    1. W.S.Gosset

      Re: Penis Beaker

      BWAH HAH HAH HAHAHAHAAAAAA!!

      How the hell did I miss THAT?

      "Get yer penis beaker, love, you've pulled."

    2. DuchessofDukeStreet
      Paris Hilton

      Re: Penis Beaker

      Oh god, I'd managed to let that particular mental image into the archives...

      AC, I hate you!

      1. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921
        1. This post has been deleted by its author

  4. GnuTzu
    Childcatcher

    Future Headline

    Futhure headline: Mumsnet reports a sudden and staggering growth of new members. Critics ask how they know whether all those new members are all actually real parents... {Fill in usual disastrous results prediction here.}

    Why do I so badly want to see people who fail to protect children raked over the coals, broken glass, and other such materials?

  5. Will Godfrey Silver badge
    Facepalm

    Dangerous

    Has anyone here been brave foolhardy enough to actually go on mumsnet. I thought about it, but chickened out.

    1. JamesWRW

      Re: Dangerous

      @mumsnet_madness on Twitter, avi is a bottle of Gordons, ventures forth so you don't have to. A good recent one was a mum shocked to discover that her cat's fish based food contained fish, and said fish had heads and eyes.

    2. Graham Butler

      Re: Dangerous

      I did back in the day when I was active on Pistonheads. There was a bit of a rivalry there, albeit pretty one-sided in terms of vitriol (hint...it wasn't the motoring enthusiasts). It's a weird place.

    3. Anonymous Coward
      Anonymous Coward

      Re: Dangerous

      AC for obvious reasons.

      I popped on it when my wife started reading aloud the "am I being unreasonable" section. Some of it is hilarious, not just because those asking tend to frame it in a dramatic fashion but because some of the first answers are almost always either stunned mums asking if the OP is joking or people answering with something equally insane and then getting abuse from every successive poster. I'm convinced most are made up or at least heavily embellished but there is some top quality time wasting to be had.

      Thing is due to the way you can shift your username it's hard to tell who's who half the time. Although I do think it's hilarious that the site patrons will occasionally have a melt down about cyber bullying etc whilst spewing filth laden insults at each other regularly. Oh it's moderated.. but only to a degree.

  6. N2

    Let me see

    The same coder(s) asthat borked security at Three?

  7. Anonymous Coward
    Anonymous Coward

    Mums the word.

  8. the Jim bloke

    Statement sums up attitude to security

    "We're very sorry to say that we've become aware "

    because everything was lovely and fluffy until then...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like