Parenting site Mumsnet hit by data breach
Parenting site Mumsnet has reported itself to the UK’s data protection watchdog after an upgrade let some people see details of other accounts.
In a message placed on the site, it said the problem occurred between 5 and 7 February.
Accounts got mixed up if two users logged in at exactly the same time, said Mumsnet founder Justine Roberts.
A total of 46 users were breached, the site said, but no passwords are said to have been exposed.
“You’ve every right to expect your Mumsnet account to be secure and private,” wrote Ms Roberts. “We are working urgently to discover exactly how this breach happened and to learn and improve our processes.”
Some of those affected sounded the alarm to Mumsnet early on 7 February that they could view other accounts.
Those affected would have been able to see information including:
- email address
- account details
- posting history
- personal messages
Mumsnet said it had now reversed the software update that caused the issue. It has also forced all users to log out so anyone still lurking in another user’s account would be removed from it.
The ICO said it had received the report from Mumsnet and would be looking into the incident.
Analysis by technology reporter Zoe Kleinman
Mumsnet tends to make the headlines for light-hearted reasons.
Often it is a result of some of the more bizarre issues raised by members of the parenting site on its chat forums (the “penis beaker” is the stuff of legend, look it up) and the head-scratching acronyms such as AIBU (am I being unreasonable), DC (darling children) and LTB (leave the… you can guess the rest).
However, it is also for some women the first platform they turn to for help and advice on a number of deeply personal issues: intimacy, abuse, domestic violence, miscarriage, adultery, loneliness, their children’s special needs.
They worry about being identifiable to fellow “mumsnetters” who may know them in real life, and even their partners stumbling across their posts. The trust they put in Mumsnet to protect their privacy – and perhaps as a result their safety – is considerable.
The idea of writing these posts or private messages while accidentally being logged on as someone else is genuinely concerning and while it’s a relief that it does not appear to have affected many people, the disclosure will be worrying for some.