Heartbleed Attack Hits Mumsnet
Mumsnet - a leading UK site for parents -has announced they have had data stolen from hackers exploiting the Heartbleed bug.
The site which has 1.5 million users said that they believed cyber thieves had obtained passwords and personal messages before the site was patched.
Mumsnet founder Justine Roberts noticed the flaw on Friday.
She said: "On Friday 11 April, it became apparent that what is widely known as the Heartbleed bug had been used to access data from Mumsnet users' accounts.
"We have no way of knowing which Mumsnetters were affected by this. The worst case scenario is that the data of every Mumsnet user account was accessed.
"It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone's account being used for anything other than to flag up the security breach, thus far."
Mumsnet has been criticised for sending users an email that contained a link to change their password. Police say this was dangerous advice, after previously warning people about unsolicited emails asking them to click links, even if they are familiar with the company.
Dr Stephen Murdoch, a computer security researcher at the University of Cambridge said: "Probably what Mumsnet should have done is sent out an email saying 'go to our website using the normal address to reset the password.
"If people receive an email they have not asked for they should be suspicious."
Return to internet news headlines
View Internet News Archive