
Mumsnet penetrated
Surely El Reg missed an opportunity on the headline!
On a more serious note, weren't they already previously hacked? Seems they didn't learn from that experience.
Parent gabfest platform Mumsnet has reported a data security breach that it claimed happened amid a "software change" en route to migrating services to the cloud. Justine Roberts, founder and CEO at Mumsnet, today told users: "We're very sorry to say that we've become aware of a data breach which affected some Mumsnet user …
I know they had an issue with Heartbleed, but I'm not sure anyone actually exploited it. To be fair, it's a forum for middle-aged (mostly) women to whine about everything wrong with society and those damned kids, it's not quite a financial institution or communications provider.
Credentials apparently weren't exposed, just the data protected by those credentials. So no actual passwords for reuse elsewhere. Worst case is the exposed data that might be used to narrow the search space for possible credentials for testing against other login portals, i.e. combining names/initials with birth-date/years.
Something I would really like to see is real-world numbers on just how many average people are pwned through data breaches like this vs. top 100 password attacks on global user spaces. I strongly suspect that people who use even very simplistic password generation algorithms based on personal data/interests fare better than those who choose "clever" passwords like "drowssap".
Simple truth is that unless someone has a good reason to target you personally, any non-trivial password is probably good enough. A six-letter word with personal significance + any two digits is likely to be enormously stronger than a 1337speak variation of "Millennium Falcon" despite the search space being potentially a few million times smaller.
Over the past few years we've seen a plethora of articles reporting on data breaches of so many millions of credentials, with the latest being some 700 million unique username/password credential pairs. So what does this really mean to the average person? The simple answer is, probably not a great deal, because unless you're Elon Musk or otherwise special in some specific way, you individually are not worth the effort of a targeted attack.
The website Have I Been Pwned is a semi-useful tool for determining if somewhere there exists a site that you've provided credentials to that has ever been breached, but I think it would be far more useful to be able to simply enter a password and be told if ten or ten thousand others have had the same idea, regardless of site.
> Credentials apparently weren't exposed
Not this time, but I was following up on a comment about the Heartbleed attack that hit them in 2014. Even the site's founder got her credentials publicly exposed.
Hmmmm, is this dodgy reporting by The Reg? I got the Mumsnet email about this and it clearly says:
> "How many people are affected? We're confident that number of users affected is 44 (2 accounts were breached twice, bringing the total occasions to 46). We have emailed these users directly."
How do you dunk yours?
https://www.mumsnet.com/Talk/mumsnet_classics/1875847-Do-you-dunk-your-penis
Future headline: Mumsnet reports a sudden and staggering growth of new members. Critics ask how they know whether all those new members are all actually real parents... {Fill in usual disastrous results prediction here.}
Why do I so badly want to see people who fail to protect children raked over the coals, broken glass, and other such materials?
AC for obvious reasons.
I popped on it when my wife started reading aloud the "am I being unreasonable" section. Some of it is hilarious, not just because those asking tend to frame it in a dramatic fashion but because some of the first answers are almost always either stunned mums asking if the OP is joking or people answering with something equally insane and then getting abuse from every successive poster. I'm convinced most are made up or at least heavily embellished but there is some top quality time wasting to be had.
Thing is, due to the way you can shift your username it's hard to tell who's who half the time. Although I do think it's hilarious that the site patrons will occasionally have a meltdown about cyber bullying etc. whilst spewing filth-laden insults at each other regularly. Oh it's moderated.. but only to a degree.