Massive Mumsnet Data Breach Could Put Conveyancers At Risk

Mumsnet, the UK’s biggest network for parents, has been a victim of a severe data breach which could put conveyancing firms at risk.

Do any of your employees at your firm have a Mumsnet account? If your staff have an account with the website there is a possibility, they may have used the same password (or similar) to access systems in your firm.

The online parent forum was vulnerable for 3 days, claiming 4,000 users were logged-on during the period and it is believed the email addresses, account details, posting history and personal messages were all at risk. Cyber criminals retrieving the data from Mumsnet could discover that members of your staff are account holders and potentially guess their username and password and attack your firm.

As a Mum of a toddler, I have been guilty of this myself in the past. Due to time constraints, I naively used to use a similar password for some of my accounts. One day, out of the blue, I received an email from Hotmail which informed me that my account had been compromised. I explained to my husband about the communication I had received, he asked: “What password have you used?”, when I told him he said: “Haven’t you used that for other accounts?” It suddenly dawned on me that I had been using a variation of the same password for a number of accounts for a while. That same day, I changed all my passwords to different ones to various accounts so I wouldn’t be a victim of cyber crime.

Now, I know I was foolish, but it could have been a lot worse and the fraudsters could have potentially got hold of my password(s) and accessed sensitive and/or financial information. Since this incident, I have become very savvy with my accounts and make sure I have different passwords.

Jennifer Williams, Head of IT Security at Lawyer Checker says: “Many firms don’t realise that if an employees’ social media account is compromised criminals may use this to test if the password is the same or for social engineering attacks.  Staff education about unique passwords is so important and simple.  It is often overlooked in security training.”

Mumsnet has since reported their site to the Information Commissioner’s office (ICO) as the breach enabled users to log-in under other users’ accounts.

Justine Roberts, founder and CEO at Mumsnet confirmed the breach in a forum post to users: “We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (i.e. also affected by a mismatched login), although we know for sure it wasn’t every account.

“We’re very sorry. You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes.

“You do not need to do anything. We have reversed the change that caused the problem. We are investigating which accounts have been affected – we don’t think it’s many and we will contact you if we think it is yours.

“We will also keep you informed about what is happening. We will, of course, be reporting this incident to the information commissioner.”

The Mumsnet site had previously been involved in a serious data breach back in 2014 which compromised a number of their 1.5 million accounts.

Today's Conveyancer