Mumsnet Issues Warning To Users After Accounts Hacked And Armed Police Sent To Founder's Home

Mumsnet Accounts Hacked And Armed Police Sent To Founder's Home

Parenting website Mumsnet has come under attack from hackers who posted from user's accounts and had armed police sent to the founders' home.

Mumsnet founder Justine Roberts said the website was forced offline on 11 August by a cyber-attack from a group calling itself @DadSecurity, who posted threatening messages on Twitter such as "RIP Mumsnet".

After establishing the hacker had taken control of 11 user's accounts, Roberts shared warning threads on Mumsnet urging all users to change their passwords immediately.

Armed police officers were also sent to Robert's home on 11 August after the hacker called 999 claiming a gunman had been seen nearby.

Justine Roberts

Roberts confirmed the attack in a post on Mumsnet: "An armed response team turned up at my house last week in the middle of the night, after reports of an armed man prowling around."

She explained that this is known as a "swatting attack" - a criminal practice in which someone makes an emergency call to the police claiming that a crime is taking place at the house of the intended victim, in order to get the police to send out a SWAT team to the address.

The cyber attack initially consisted of a Denial Of Service (DOS) attack, where an attempt is made to make a website unavailable to its users.

Roberts described it as a "heavy, sustained attack which overwhelmed our ability to respond to legitimate requests."

She added: "Mumsnet might typically get something like 50-100 requests per second. During the attack we were getting around 17,000 requests per second. Each request carried more data than is normal as well."

The website then experienced a hacking attack which Roberts believes was perpetrated by the same person.

She said the hacker accessed passwords through a form of phishing, in which a fake Mumsnet login page was created, allowing the cyber-attacker to see passwords in plain text when they were typed in.

She added: "There is evidence of 11 user accounts being hacked.

"We take great care to protect the information you give us and not to ask for or store any more information than we need to run the site, but though we can’t know how many accounts have been affected, there have been enough breaches for us to ask all Mumsnet users to change their passwords."

Roberts said the details the hacker would have been able to see would be the user's email, password and postcode if they supplied it.

Roberts has urged all users to reset their passwords and make them strong, verify that https:// is appearing at the top of pages requesting login passwords and use the Mumsnet social login to avoid typing passwords.

The troll @DadSecurity has had his Twitter account suspended.

Close