Mumsnet Data Breach Discovered By Website Users

Laura Bednar | Cybersecurity


Mumsnet Data Breach Hits 46 People

Mumsnet, the popular site for mothers in the United Kingdom, discovered that its systems were breached between the fifth and seventh of February, 2019, around two p.m. The breach was not large, with only 46 accounts affected, compared to the half billion Marriott ones. In the Mumsnet breach, when users logged into their accounts at the same time, the accounts would get mixed up. Even though 46 accounts were hacked, 4000 accounts were logged into.

The owner of the website went on to explain that no passwords were exposed. It was a Mumsnet user who notified the website about the issue. They reached out to Mumsnet and let them know that, upon logging in, they had been logged into another user’s account.

In their official statement, they say they believe that the mix-up occurred when they changed their software. This involved moving their services to the cloud on that very day. Once they spotted the slight breach and account mix-up, they quickly reverted to their old system. Once the system was reverted, they did not notice any other problems.

Information Impacted

Since there was enough notification, Mumsnet is not subject to any GDPR fines or consequences. It is also not completely known what information was affected. They are certain that there were no passwords taken. Information that might have been impacted includes:

  • Email Addresses
  • Account Details
  • Personal Messages

Mumsnet reinforced that passwords were not impacted due to how they encrypt them. They also state in their press release that no one would be able to change the password of an account, since they would need to know the older password to do so. To ensure no further damage, the website conducted a forced logout of all the accounts.

Credential Stuffing Risks

While there might not have been any malicious attacks reported, one possibility is account credential stuffing. This type of hacking affects a variety of online accounts that include threads, bank accounts and more. Essentially, when a hacker accesses a database of customer information, they then sell that information online. This allows anyone to purchase the database and try their luck at a variety of web-based accounts. Credential stuffing can impact businesses of all sizes and there are only a few ways to ensure it doesn’t happen to you.

Protecting yourself during or after a data breach should always first include changing your password. However, it is also wise to invest in a password manager program. There are many options out there, but we recommend using a site called LastPass.

What To Do In Case of a Data Breach

Regardless of the size of your business or organization, you are susceptible to a data breach. Hackers typically look for the easiest targets. Once they do, they will locate and expose the vulnerabilities in a variety of ways. These ways can include posting information on the dark web to gain profit. Fortunately, SecureData can help with a data breach. We can deploy anywhere in the world within twenty-four hours. For a free phone consultation, call us at 1-800-288-1407.