Upgrade to Software Exposes Data

2019, Breaches, February

Who: Mumsnet

# of records: Unknown

Date: 7 February 2019

What Happened: A botched upgrade to the software

How it Happened: A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility that their accounts would be switched. Each user was able to post as the other, see their account details, and read private messages. The company doesn’t know how many user accounts were affected but says that over the three days the bug was live, from Tuesday afternoon to Thursday morning, about 4,000 users logged in. Of that, only 14 users have reported an issue.

Outcome: Company apologizes​ after bug meant users were able to log into accounts of strangers. Mumsnet confirmed to the Guardian that it has now self-referred to the Information Commissioners Office, as it is legally required to do in the event of a data breach. We have reversed the change that caused the problem. We are investigating which accounts have been affected.