Mumsnet.com, the popular British parenting website that has millions of unique visitors each month, is requiring registered users to change their passwords because hackers appear to have exploited the notorious Heartbleed bug to gain access to customer information.
According to a statement published on the website by Mumsnet founder Justine Roberts, the company learned of the data breach on April 11.
“On Thursday 10 April we at MNHQ became aware of the bug and immediately ran tests to see if the Mumsnet servers were vulnerable. As soon as it became apparent that we were, we applied the fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it seems that users' data was accessed prior to our applying this fix,” Roberts noted.
“So, over the weekend, we decided we needed to ask all Mumsnet users to change their passwords. So, you will no longer be able to log in to Mumsnet with a password that you chose before 5.45pm on Saturday April 12, 2014,” she added.
It’s uncertain how many users are impacted by the breach, which is why Mumsnet is asking all customers to reset their passwords.
While there’s no evidence that any accounts have been inappropriately accessed, the individuals who stole login email addresses and passwords could have accessed victims’ personal profiles, posting history and private messages.
The company advises users to change not only their Mumsnet passwords, but also their passwords on any other services where the same one has been used.
Mumsnet users should probably also be on the lookout for any suspicious emails that might land in their inbox, especially if they purport to come from Mumsnet or if they’re related to parenting. This data breach is a perfect opportunity to launch a phishing operation.
According to the official website, Mumsnet has over 10 million visits each month, generating more than 60 million page views. AFP reports that the parenting website has 1.5 million registered users.
Mumsnet is not the only online service targeted by cybercriminals after news of Heartbleed came to light. The Canadian Revenue Agency has reported that the details of 900 individuals have been compromised after someone leveraged the Heartbleed bug to gain access to personal information.
As experts highlighted after the existence of the OpenSSL vulnerability came to light, many organizations advised users to change their passwords. However, changing your password doesn’t do any good if the service in question hasn’t yet patched its OpenSSL installation.