Mumsnet users were accidentally logged into the accounts of strangers after a botched software change that was part of the company’s move to the cloud.
Between 2pm on 5 February and 9am on 7 February, any user logged into the site could have had their account information switched with that of another logged-in user. This would have given them access to the other user's email address, account details, posting history and personal messages, but not their password, as these are encrypted.
The parenting site became aware of the incident when a user informed the company that they were able to log into and view the details of someone else’s account. The total number of victims remains unknown, but it could have affected up to approximately 4,000 users who were logged in during the period in question.
Mumsnet responded by reversing the software change that likely triggered the incident and forcing a logout to ensure users would no longer be logged in to the wrong account. It has also reported the incident to the Information Commissioner.
“You’ve every right to expect your Mumsnet account to be secure and private,” Mumsnet CEO and founder Justine Roberts told users in a post on the site. “We are working urgently to discover exactly how this breach happened and to learn and improve our processes.”