Botched Mumsnet update allowed users to see details of strangers’ accounts

Parenting site apologises for data breach.
               

Botched Mumsnet update allowed users to see details of strangers' accounts

Mumsnet, the phenomenally popular British parenting website, has admitted that a software upgrade unintentionally allowed users to gain access to the accounts of other users who had logged in at the same time.

In an email sent to its members, Mumsnet said that the problem affected user logins between 2pm on Tuesday 5 February, and 9am on Thursday 7 February, and blamed the problem on a software bug rolled out across the site on Tuesday.

Mumsnet email

The site only became aware there was a problem on the evening of Wednesday 6 February, when a concerned Mumsnet user raised the alarm that they were able to view the details of a stranger’s account - which included their email address, account details, posting history, and personal messages. Passwords were not accessible.

The following morning Mumsnet rolled back the software update, and says there have been no reports of unauthorised account access since.

In all, Mumsnet says that the number of affected users is 44 (with two accounts being breached twice, “bringing the total to 46”.)

For a site that claims to receive over 14 milion unique visitors per month, that’s hardly a catastrophic figure - but that, of course, is little cause for comfort those who were affected by the botched update.

Furthermore, it suggests that Mumsnet’s technical team did not thoroughly test the update before rolling it out across its live production site.

Maybe that’s a bit harsh of me. It must be hard to find a bug like this that is only affecting a tiny percentage of users in testing. I guess what would be good would be to build a QA process that attempts to replicate typical behaviour on a site like Mumsnet - including emulating lots of simultaneous logins to see if there are peculiar outcomes. Just as you would hopefully stress test the site to see how it behaves under high pressure.

The site is no stranger for hitting the headlines for all manner of reasons, some of which have been cybersecurity-related - such as when it was exploited via Heartbleed vulnerability, suffered a DDoS attack, was hacked, and its founder was targeted with a SWATting.

Mumsnet says that it is reporting the latest breach to the Information Commissioner’s Office (ICO).

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.