Mumsnet reveals how it fell victim to Heartbleed

The website discovered it was vulnerable when a hacker posted a message on one of its forums, posing as the site's CEO

Mumsnet has released a statement detailing how it discovered it was open to the Heartbleed OpenSSL vulnerability.

On 8 April, when the first sites were affected by the Heartbleed OpenSSL vulnerability, the company ran some tests to see if it was open to an attack and, on 9 April, patched the holes it believed hackers would use to access systems.

However, on 11 April, a message was posted on one of the website's forums, purportedly from the site's CEO, Justine Roberts.

Despite the patch being successfully applied, the hackers used data scraped before its application to make the fraudulent post.

It made some odd statements about the site's users, claiming they were "unreasonable and petty."

The post went on to claim Roberts would be closing the site down or selling it, finishing with: "I'm putting this grothole up for sale and spending the money on dogecoin. Probably a more sensible thing to do than run this place any longer."

Mumsnet was very quick to announce that the post was not from the company's CEO and that hackers had taken advantage of the Heartbleed vulnerability, bypassing the patches the company had put in place.

Shortly after, other Mumsnet accounts were used to post messages writing out the string: "All your base are belong to us."

The Heartbleed vulnerability had allowed hackers to steal usernames and passwords and to post messages from user accounts. Thirty usernames and passwords were then posted to the text-sharing site Pastebin, prompting Mumsnet to change user passwords to prevent any more damage occurring.

The blog post on Mumsnet said that, although nothing malicious happened, it seems the vulnerability was used to highlight the security risk posed by Heartbleed.

It advised its users: "The internet is brilliant, but nobody can guarantee it's 100 [per cent] safe and secure - EVER. Whenever you share anything on the web, either publicly (such as on a Mumsnet thread) or privately (such as the data you give to a website when signing up), have a think about how happy you would be for that information to get into the hands of a hacker.

"Make your passwords as secure as possible and change them every few months ('passwords are like underwear; change them often'). Use different passwords for different accounts. Close redundant accounts that you no longer use."

Yesterday, security experts warned the volume of companies trying to patch holes exposed by the vulnerability could severely slow down the internet.
