This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 6 °C Tuesday 22 October, 2019
Advertisement

Armed police sent to home of parenting website founder in "swatting attack"

Mumsnet has reset users’ passwords after a series of similar attacks in recent days.

UK PARENTING WEBSITE Mumsnet has reset its users passwords after a series of so-called “swatting” attacks, whereby perpetrators call out emergency services to the homes of their victims under false pretences.

In a post, co-founder Justine Roberts said she had been the victim of one such attack last Tuesday.

Armed police were called to her London home, she said.

Other members have also been targeted and some accounts have been hijacked.

Detailing last week’s security problems at the site, a message on its homepage explained that on the night of Tuesday 11 August the service went offline after a denial of service (DDoS) attack.

A Twitter account called @DadSecurity claimed responsibility.

dad Source: Mumsnet

A message ‘RIP mumsnet’ was then tweeted, followed by this:

rip

Here’s what happened next, according to the site:

“In what’s known as a swatting attack, an armed response team turned up at JustineMumsnet’s house in the middle of the night: the police had received a spurious report about an armed man prowling around.

“A Mumsnet user who engaged with @DadSecurity on Twitter was also visited by armed police in the middle of the night, following a report of gunshots.”

The service is stressing:

We don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.

12 August breach

Last Wednesday, someone claiming to be the hacker posted on a thread where users were discussing the issue.

“We immediately locked down all access to our admin functions and reported the attack to the police.”

Further problems were detected over the weekend when a user reported that posts made under her name hadn’t been written by her.

According to today’s update:

It became clear that the hackers had got hold of some users’ passwords – a fact confirmed late last night, when they posted the stolen passwords online.

mum Source: Mumsnet

Passwords reset

All user passwords have now been reset. Instructions on how to get a new one are explained by the site here.

It’s believed the information was gleaned by the hacker via a form of phishing:

“We take great care to protect the information users give us, and don’t ask for, or store, any more information than we need to run the site.

“All passwords are encrypted, so that no one – not even us – can see them. We think, therefore, that this has been done via a form of phishing, whereby the hacker creates a fake Mumsnet login page that looks just like the usual page, but with a slightly different URL.

The hacker would have been able to see passwords in plain text when they were typed in.

Who’s been affected?

Mumsnet say they don’t yet know how many people have been affected – but the hackers have published some 3,000 names and passwords online. The site has around 7.7 million members.

Once he gained access to the hacked user accounts, the hacker would have been able to see profile data - username, password, postcode if supplied, username history and Mumsnet inbox.

A spokeswoman for the Metropolitan Police told the BBC she was unable to comment on the swatting attack at Justine Roberts’ home.

The Mumsnet founder is married to BBC Newsnight editor Ian Katz.

Read: Ambulance with patient on board overturns after being hit from side

Read: Inquests into deaths of 9-year-old twins and older brother underway 

  • Share on Facebook
  • Email this article
  •  

About the author:

Read next:

COMMENTS (5)