Mumsnet users are being urged to change their passwords and login details after hackers targeted the website by exploiting the Heartbleed bug.
In what is believed to be the first confirmed breach via the security flaw, the parenting website – which claims to have 1.5 million registered members – said it believed that cyber-thieves may have obtained the data before it repaired the security flaw on Saturday.
The site’s founder, Justine Roberts, said that it first became apparent that user data was at risk when her own username and password were used to post a message online. She said the hackers then informed the firm’s website administrators that the attack was linked to the Heartbleed flaw and told them the company’s data was no longer safe.
Heartbleed is thought to be one of the most serious internet security flaws ever, mainly because it remained undiscovered for more than two years. It can give anyone access to the data behind internet encryption, including passwords and credit card details, without leaving any trace.
In an email to members, Mumsnet said: “We have no way of knowing which Mumsnetters were affected by this. The worst-case scenario is that the data of every Mumsnet user account was accessed.
“It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone’s account being used for anything other than to flag up the security breach, thus far.”
The site is also asking members to reset any passwords created on or before Saturday.