Mumsnet – a popular parenting forum has reported itself to the UK data protection after a data breach was discovered.
Seems as though an upgrade to the site’s software resulted in thousands of users logging in strangers accounts. This happened when for example two users try to log in at the same time, there was the possibility that their accounts would be switched. This was revealed in a statement from 8 February 2019 that the founder, Justine Roberts, published on the site.
She also apologised, saying: “You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We will of course be reporting this incident to the information commissioner.”
Users were able to see each other’s account information, posting history and personal messages, but no passwords, since they were encrypted. Though the company still doesn’t know how many users were affected, they know that from Tuesday afternoon to Thursday morning, about 4,000 users had logged in. Of those only 14 had reported the problem.
This is not the first time the site has reported itself to the ICO. The last time was in 2018 because a row about trans rights on the forum escalated when a former employee published screenshots of posts that revealed the IP addresses of the users who wrote them.