Mumsnet reports data breach to ICO after problematic cloud move

Mumsnet admitted data breach fault after a botched upgrade shares its user's data

Mumsnet founder Justine Roberts

Mumsnet has reported itself to the Information Commissioner's Office (ICO) after a botched upgrade resulted in users accidentally logging into the accounts of others.

The parental forum believes that the breach was caused when moving its services to the cloud on Tuesday afternoon. The problem ran from 2pm Tuesday to 9am Thursday when the changes were reversed.

The breach concerns logins where for three days users logging into their accounts at the same time as another user could have had their account info switched. A user alerted the company to the breach on Wednesday night saying that they were able to login and view another user's account.

Advertisement - Article continues below

Mumsnet said it is investigating its logs to determine the impact of the breach. Approximately 4,000 users were logged in during the three-day window, but Mumsnet doesn't know how many of those were actually breached. The company has only been made aware of 14 incidents so far and those individuals have been notified of the issue.

According to the site, logging into another user's account allowed them to see email addresses, account details, posting history and personal messages, but not passwords as they are encrypted.

"One must acknowledge that all software is imperfect and when software has bugs, when they're identified in productions systems they need to be patched or rolled back to a known good state quickly, and that's what has reportedly happened here," said Matt Walmsley, EMEA director at Vectra. "It's not clear to what degree pre-rollout testing occurred or if the "move to the cloud" was material in the incident."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

No further incidents have been reported suggesting that it was the move to the cloud that caused the issues. Mumsnet founder Justine Roberts posted a blog post to apologise to users and notify them that it will report the breach to the ICO.

"You've every right to expect your Mumsnet account to be secure and private," she said. "We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We will, of course, be reporting this incident to the information commissioner."

Mumsnet is not alone in this regard, as 2018 saw an unprecedented number of companies reporting data breaches, with almost 60,000 reported across Europe since GDPR came into force.

What's interesting about the Mumsnet incident is it's due to a fault during an upgrade to cloud services, highlighting the dangers of rushing digital transformations. To the company's credit, it acted swiftly and took steps to shut down the problem, notify its users and involving the regulator.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/development/containers/356391/the-rise-of-containers
Sponsored

The rise of containers

9 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020