Mumsnet reports data breach to ICO after a failed “software change”

Parenting website, Mumsnet reported itself to the UK’s Information Commissioner’s Office (ICO) after a failed “software change” led to users accessing other peoples details.

In a statement on the company’s website, Mumsnet said the incident occurred between 2pm on Tuesday (Feb.6th) and 9am on Thursday (Feb.7th).  

The bug allowed users to view other people’s account information if they were logged in at the same time, said Mumsnet founder, Justine Roberts.

A total of 46 users were breached, it said, but passwords were not exposed as that data is fully encrypted.

Some of those who were affected informed Mumsnet of the breach early on 7th February.

Those affected could view other personal information including their email address, account details, posting history, and personal messages.

Mumsnet issues an apology to customers

In a statement on the site, Mumsnet said: “We’re really sorry that our mistake has caused anxiety and we do understand why some MNers will be really worried by this.

“There is no evidence that anyone whose account was logged into has done anything malicious, but of course, we cannot be sure until we have tracked down and investigate every incidence and every log and contacted the affected posters – we are working very hard to close this down as quickly as possible.”

Mumsnet said that it has reversed the software update that caused the problem and said that it has not been aware of any further incidents.

“We reversed that change on the morning of Thursday 7th February. Since then there have been no further incidents,” the company said.

The company also said they have forced every user to log out of their account to ensure that anyone who is “logged in as someone else will no longer be logged in to the wrong account”.

The ICO said it has reviewed the report and will be looking further into the incident.


Related Posts