You may well have heard of Mumsnet, one of the most popular parenting community websites in the UK. You can take part in discussions on hosted forums, with parents both new and old sharing information and advice on raising children, as well as other topics. For such a large community website, you’d hope that your personal data is safe. But as this latest high-profile security breach shows, even the bigger online players can be hit by data security issues.
CEO confirms data breach
In a post that appeared on the Mumsnet community forums this week, the founder and CEO of the company, Justine Roberts, confirmed that the website had been hit by a data breach. According to Ms. Roberts, “There was a problem affecting Mumsnet user logins between 2pm of Tuesday 5th February, and 9am on Thursday 7th February.”
Justine went on to say that, “During this time, it appears that a user logging into their account at the same time as another user logged in, could have had their account info switched.”
Mumsnet are not yet aware of exactly how many user accounts have been affected by the bug, though up until recently, only around 15 people had confirmed that their accounts were compromised. Additionally, the software issue has now been fixed, with users forced to log out and back in again to avoid future problems.
Ms. Roberts also said, “We do know that approximately 4000 user accounts were logged into in the period in question, but we don’t as yet know which of those were actually breached (i.e. also affected by a mismatched login), although we know for sure it wasn’t every account.
“We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.
“We’re very sorry. You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening.”
What the breach means
Thankfully, it sounds more like Mumsnet has been hit by a software flaw or vulnerability. Users logging in during the affected period were said to have potentially had their account details switched, as opposed to those details being siphoned off or stolen. Here at WiseGuys, we would hope that this simply means that there was a temporary, short-lived problem with the website’s login process, and not a third party hacking into the website to steal user information.
If you were affected by this website issue, then worst-case scenario, another user may have seen your personal messages or personal details. But it doesn’t sound as if there’s any risk of a malicious third party having gained any of your personal data. Still, it’s probably worth considering a password change, and this is always a good opportunity to ensure that you are following best practices in choosing new passwords.
Choosing a secure password
Accounts are rarely hacked by a malicious cyber-criminal sitting at a computer and guessing at random combinations. They’re normally compromised by sophisticated software programs, which will often use one of two different types of attack. The ‘Brute Force’ method tries to guess your password by attempting combinations of numbers and characters, whilst the ‘dictionary attack’ attempts common words and phrases. That’s why using a short password, or a simple password such as ‘123456’ or ‘qwerty’, can be so dangerous.
Norton, one of the most popular antivirus providers around, say that “the shorter and less complex your password is, the quicker it can be for the program to come up with the correct combination of characters.”
Though we’ve provided guidance on selecting a strong password before, WiseGuys feel that this advice can never be given too often. Here are some basic ‘dos’ and ‘don’ts’ when creating a secure password.
Do:
- Combine both upper and lowercase letters with numbers and symbols, wherever allowed;
- Use a minimum of 8 characters, but more if possible;
- Log out of websites if you’re done using them, particularly if other people use the same computer;
- Regularly change your passwords, rather than using the same ones for months and years;
- Choose easily-remembered phrases that you can abbreviate. For example, use the password ‘Timetrp100.’, short for ‘This is my easy to remember password 100.’
Don’t:
- Store your passwords within internet browsers when prompted;
- Use easily discoverable information, like family names, birthdays, or phone numbers;
- Use single words that could be cracked in a ‘dictionary attack’;
- Use obvious passwords, like ‘123456’, ‘password’, ‘qwerty’, and so on.
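The checks in this list can be automated. The Python below is an added example, not code from WiseGuys or Mumsnet: the function names are hypothetical and the word lists are tiny constructed stand-ins for real ones. It tests a candidate password against the rules above and estimates the brute-force search space, which shows why length and character variety matter.

```python
import math
import string

# Constructed stand-ins for real common-password and dictionary lists.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}
DICTIONARY_WORDS = {"sunshine", "football", "monkey", "dragon"}
MIN_LENGTH = 8  # the minimum the article recommends
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    return sum(len(cls) for cls in CLASSES
               if any(c in cls for c in password))


def brute_force_bits(password):
    """log2 of the number of same-length candidates over that alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password, personal_info=()):
    """Return the rules from the list that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("obvious password")
    if lowered in DICTIONARY_WORDS:
        problems.append("single dictionary word")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("does not mix upper, lower, numbers and symbols")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains easily discoverable information")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "Sunshine", "Timetrp100."):
        print(pw, round(brute_force_bits(pw), 1), check_password(pw))
```

Pass family names, birthdays or phone numbers as `personal_info` to catch passwords built from easily discoverable details.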
For more information on avoiding bad passwords, check out our list of the top 25 worst passwords from 2018. If you find yourself using one — or more — of these passwords, then you should reconsider your online security as soon as possible! Additionally, consider setting up two-factor authentication on all your accounts, wherever possible. And if you need any guidance on doing any of these things, then simply give WiseGuys a call on 0808 123 2820. As a Which? Trusted Trader, we know all the tricks when it comes to online security.