This article was published on April 14, 2014

Parenting website Mumsnet and Canadian tax authority hit by Heartbleed hackers


Parenting website Mumsnet and Canadian tax authority hit by Heartbleed hackers

The massive Heartbleed encryption security flaw that came to light last week has been used to compromise details of users stored on the systems of the Canadian Revenue Agency and the parenting website Mumsnet.

Mumsnet began informing its users by email on Friday that the vulnerability had been used to access accounts, and that there was no way of telling exactly what data might have been compromised or how many members are affected, according to the BBC. It has subsequently forced its members to reset their passwords in order to carry on using the site. Mumsnet had not responded to a request for comment at the time of writing.

News of the Mumsnet breach was preceded by confirmation on Monday from the Canadian tax authority that 900 individuals’ social insurance numbers had been stolen.

Update:  Justine Roberts, founder of Mumsnet, said in a statement:

“Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it became apparent that users’ data submitted via our login page had been accessed prior to our applying this fix. As a result we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites particularly if they use the same password on Mumsnet as elsewhere.”

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

➤ Heartbleed hackers steal data from Mumsnet and Canada [BBC]

Featured Image Credit – Håkan Dahlström / Flickr

 

Get the TNW newsletter

Get the most important tech news in your inbox each week.