The massive Heartbleed encryption security flaw that came to light last week has been used to compromise details of users stored on the systems of the Canadian Revenue Agency and the parenting website Mumsnet.
Mumsnet began informing its users by email on Friday that the vulnerability had been used to access accounts, and that there was no way of telling exactly what data might have been compromised or how many members are affected, according to the BBC. It has subsequently forced its members to reset their passwords in order to carry on using the site. Mumsnet had not responded to a request for comment at the time of writing.
News of the Mumsnet breach was preceded by confirmation on Monday from the Canadian tax authority that 900 individuals’ social insurance numbers had been stolen.
Update: Justine Roberts, founder of Mumsnet, said in a statement:
“Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it became apparent that users’ data submitted via our login page had been accessed prior to our applying this fix. As a result we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites particularly if they use the same password on Mumsnet as elsewhere.”
Featured Image Credit – Håkan Dahlström / Flickr