The home of the co-founder of popular parenting website Mumsnet was visited by armed police last Tuesday night after someone reported that a gunman was prowling around.
The unwarranted visit, known as a ‘swatting’ attack, was apparently instigated by a Twitter user with the name ‘@DadSecurity’ (since deleted), who had been claiming responsibility for an ongoing denial of service (DDoS) attack that prevented many users from accessing the site. Justine Roberts wrote in a post explaining the situation:
“On the night of Tuesday 11 August, Mumsnet came under attack from what’s known as a denial of service (DDoS) attack. Our servers were bombarded with requests, which required our internet service provider to massively increase server capacity to cope. We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets “Now is the start of something wonderful”, “RIP Mumsnet”, “Nothing will be normal anymore” and “Our DDoS attacks are keeping you offline.”
In addition to claiming responsibility for the DDoS and the swatting of Roberts, the user also claimed to have access to the Mumsnet admin functions and successfully redirected visitors to the homepage to the @DadSecurity Twitter account. The same person also managed to edit posts from specific user accounts.
“We immediately locked down all access to our admin functions and reported the attack to the police. We were confident that users’ passwords had not been accessed, because MNHQ doesn’t hold them as plain text; they’re all encrypted, so that no one – not even us – can see them.
However, over the weekend, a user reported that posts had been made under her name which weren’t by her, and we spotted two other cases where this had happened. This clearly suggested that the hacker had nonetheless been able to get hold of some users’ passwords.”
Mumsnet says that its “best guess” as to how that happened is via phishing attacks that use a fake Mumsnet login screen, and is advising its users to change their passwords both on Mumsnet and any other sites on which they use the same login details.