Leading parenting website Mumsnet has announced that user’s data has been stolen by hackers exploiting the Heartbleed Bug.
Mumsnet has around 1.5 million registered members and believes that cyber thieves may have obtained passwords and personal messages before it patched its site.
Mumsnet founder Justine Roberts said in a statement that a recommended fix was applied immediately after the bug was discovered last week.
However, she said there was no way of knowing how many users had already been affected by the security breach.
“It became apparent that users’ data submitted via our login page had been accessed prior to our applying this fix,
“We have no way of knowing which or how many accounts were affected but have advised users to change passwords.”
Mumsnet said it’s users were sent an email on Saturday urging them to reset their passwords, not only on mumsnet but on other sites where they may have used the same password. The email also said:
“We have no way of knowing which Mumsnetters were affected by this.
“The worst case scenario is that the data of every Mumsnet user account was accessed.
“It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone’s account being used for anything other than to flag up the security breach, thus far.”
The Heartbleed Bug was used to exploit a flaw in the widely-used web encryption programme OpenSSL and allows anyone on the internet to read the memory of the systems, meaning attackers can then eavesdrop on communications, as well as steal data directly from and impersonate the services and users.
More than half of websites use various versions of the software. The extent of the damage is still unclear.
Photo by mumsnet