Tuesday

‘Heartbleed’ hits 1.5 million users of UK parenting website


LONDON - British parenting website Mumsnet is the latest organization to have been hacked due to the "Heartbleed" bug, founder Justine Roberts revealed on Monday.

"Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole," she said in a statement.

"However, it became apparent that users' data submitted via our login page had been accessed prior to our applying this fix."

All 1.5 million registered users were asked to change their passwords, and Roberts did not know how many users had had data stolen.

"The worst case scenario is that the data of every Mumsnet user account was accessed," she said.

"It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone's account being used for anything other than to flag up the security breach."

The website offers users a forum in which parents can ask for, and pass on, advice about bringing up children.

Officials in Ottawa on Monday announced personal data for as many as 900 Canadian taxpayers had been stolen after being made vulnerable by the bug.

The recently-discovered flaw in online-data scrambling software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.

Computer security specialists, website masters and others became aware last week of problems posed by the "Heartbleed" bug after several reports of hacking. — Agence France-Presse

source: gmanetwork.com