Popular British parenting site, Mumsnet, have been targeted by a series of attacks, including a DDoS attack and even a “swatting” attack which led armed officers to the home of founder, Justine Roberts, in the middle of the night.
A Twitter account, @DadSecurity, claimed responsibility and have published a database that contains over 3,000 user passwords. The list appears to disclose user names, IP addresses and passwords of users, as well as information from site administrators too.The incidents began on the night of Tuesday 11 August, when the site was taken down for several hours by a DDoS attack, as the servers were flooded with requests. During the same night, Justine Roberts, was victim of a “swatting” attack where armed police were called to her London home.Posting on Mumsnet, the founder explained what had happened,“An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around. A Mumsnet user who engaged with @DadSecurity on Twitter was warned to “prepare to be swatted by the best” in a tweet that included a picture of a swat team, after which police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It’s worth saying that we don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.”Not only were Mumsnet subject to both of those attacks, but it was also found that at least 11 users’ accounts had been compromised via a sophisticated phishing attack. However yesterday, the hole was found that had been used to capture the user login data and patched.Nearly 8 million users have been forced to change their passwords and it’s good to see that Mumsnet are currently undergoing full security testing by external experts, in order to determine if there are any other weaknesses that could be exploited.They also offer some solid advice; stay vigilant, update your password on their website and all other sites where it’s possible you have used the same password.What you need to know about changing your password following the attacks on our site: http://t.co/Sr3f7ZUBmR pic.twitter.com/2tBwDIRW6L— Mumsnet (@MumsnetTowers) August 19, 2015
To stay informed with the situation follow this thread.