This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-33985706
The article has changed 6 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Mumsnet's co-founder suffers 'swatting attack' | |
| (35 minutes later) | |
| Mumsnet has reset its users passwords after a series of attacks, one of which involved armed police being called out to the London home of the parenting site's co-founder. | Mumsnet has reset its users passwords after a series of attacks, one of which involved armed police being called out to the London home of the parenting site's co-founder. |
| Justine Roberts said she suffered a "swatting attack" last Tuesday - a type of harassment in which a perpetrator calls the emergency services out to their victim on a false pretence. | Justine Roberts said she suffered a "swatting attack" last Tuesday - a type of harassment in which a perpetrator calls the emergency services out to their victim on a false pretence. |
| She added that another member of the site had been similarly targeted. | She added that another member of the site had been similarly targeted. |
| Some accounts have been hijacked. | Some accounts have been hijacked. |
| Ms Roberts also disclosed that someone had managed to hack into the site's administrative functions. | Ms Roberts also disclosed that someone had managed to hack into the site's administrative functions. |
| Additionally, she revealed that there had been an attempt to force Mumsnet offline by swamping it with internet traffic, in what is known as a distributed denial of service (DDoS) attack. | Additionally, she revealed that there had been an attempt to force Mumsnet offline by swamping it with internet traffic, in what is known as a distributed denial of service (DDoS) attack. |
| A spokeswoman from the Metropolitan Police was unable to comment on the swatting attack. | A spokeswoman from the Metropolitan Police was unable to comment on the swatting attack. |
| However, a Twitter account linked to the incident, called DadSecurity, has been suspended. | However, a Twitter account linked to the incident, called DadSecurity, has been suspended. |
| Swat attacks | Swat attacks |
| Ms Roberts - who is married to BBC Newsnight editor Ian Katz - wrote about the hoax call-outs on one of Mumsnet's forums. | Ms Roberts - who is married to BBC Newsnight editor Ian Katz - wrote about the hoax call-outs on one of Mumsnet's forums. |
| "An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around," she wrote. | "An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around," she wrote. |
| "A Mumsnet user who engaged with @DadSecurity on Twitter was warned to 'prepare to be swatted by the best' in a tweet that included a picture of a Swat team, after which police arrived at her house late at night following a report of gunshots. | "A Mumsnet user who engaged with @DadSecurity on Twitter was warned to 'prepare to be swatted by the best' in a tweet that included a picture of a Swat team, after which police arrived at her house late at night following a report of gunshots. |
| "Needless to say, she and her young family were pretty shaken up. | "Needless to say, she and her young family were pretty shaken up. |
| "It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses." | "It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses." |
| The tweets by the DadSecurity account are now offline, but the BBC can confirm it repeatedly posted "RIP Mumsnet" and claimed to have stolen data from the site. | The tweets by the DadSecurity account are now offline, but the BBC can confirm it repeatedly posted "RIP Mumsnet" and claimed to have stolen data from the site. |
| Login redirect | |
| Ms Roberts also provided details of other attacks including: | |
| Ms Roberts added that there was evidence that at least 11 accounts had been hacked, but warned that many more could be affected. | |
| "It's a reasonable assumption, and our working one, that the passwords of everybody that has logged since 6 August 2015, and possibly some time before that, have been collected," she wrote in a follow-up post. | |
| Mumsnet has yet to determine how the hacks were carried out, but one theory is that a "cross site scripting" (XSS) attack was involved, in which code would have been added to Mumsnet's site to redirect the login process to computers controlled by the attacker. | |
| That way the hacker would have been able to harvest the passwords of people as they typed them in. | |
| Ms Roberts said Mumsnet itself stored users' passwords in a "high strength" encrypted form, so doubted its own database had been cracked. | |
| As a precautionary measure, all the site's users will have to create a new password when they next log in. | |
| In addition, members are being asked to check that the page they log in on uses a specific address - https://www.mumsnet.com/session/login. | |
| A spokeswoman for the site said it currently has 7.7 million members. |