Mumsnet data breach enabled users to log in to each other's accounts following platform upgrade
Popular website reports itself to ICO over platform upgrade data breach
Popular website Mumsnet has reported itself to the Information Commissioner's Office (ICO) following a data breach that enabled users to log in under other users' accounts.
The breach followed a software upgrade that meant that when two users logged in at the same time there was a chance that their log-ins would be switched. An affected user could then not only post to Mumsnet forums under the other user's name, but also view that user's account details and read their private messages.
The glitch ran for three days this week, from Tuesday to Thursday. The website initially claimed that 4,000 users were logged on during that time and that 14 users reported problems. Passwords were not exposed in the breach, the organisation claims.
Following an investigation, Mumsnet later admitted that 46 accounts had been breached.
Mumsnet founder Justine Roberts admitted the breach in a post to users: "You've every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes.
"We will also keep you informed about what is happening. We will of course be reporting this incident to the information commissioner."
The site has reversed the software upgrade and forced a log out of users to prevent any further accounts from being compromised.
The site was last involved in a serious data breach in 2014, when an attacker took advantage of the Heartbleed OpenSSL security flaw to compromise a number of Mumsnet's 1.5 million accounts.