TRENDING:

Heartbleed Breach Reported in UK

1.5 Million Accounts at Website for Parents Potentially Exposed Jeffrey Roman (gen_sec) • April 15, 2014    
Heartbleed Breach Reported in UK

Mumsnet, a UK website for parents, is forcing all of its users to change their passwords after it discovered that a cyber-attacker had taken advantage of the Heartbleed bug to access data from users' accounts.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

"On Thursday April 10 we ... became aware of the bug and immediately ran tests to see if the Mumsnet servers were vulnerable," the company says in a notice. "As soon as it became apparent that we were, we applied the fix to close the OpenSSL security hole. However, it seems that users' data was accessed prior to our applying this fix."

The site says it has no way of knowing which Mumsnet users were affected by the exploit. "The worst case scenario is that the data of every Mumsnet user account was accessed. That's why we've required every user to reset their password."

News reports claim that the website has 1.5 million registered members.

The Heartbleed vulnerability allowed an intruder to access information submitted via the login page, which includes username or e-mail and password, according to the notice. "It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone's account being used for anything other than to flag up the security breach, thus far," Mumsnet says.

The website did not immediately respond to a request for additional information.

In another breach related to Heartbleed, the Canada Revenue Agency reported that 900 taxpayers had their Social Insurance numbers compromised (see: Heartbleed Causes Breach in Canada).

Heartbleed exposes a flaw in OpenSSL, a cryptographic tool that provides communication security and privacy over the Internet for applications such as Web, e-mail, instant messaging and some virtual private networks (see: Heartbleed Bug: What You Need to Know).

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Previous
UK Cosmetic Surgery Group Hacked
Next
Retailer LaCie Confirms Breach

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.