Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Telegraph reports that British parenting Web site Mumsnet has reset all of its 1.5 million registered users' passwords after hackers leveraged the Heartbleed bug to access user passwords and personal messages.
The flaw enabled the attackers to view information submitted via the login page, including user names, e-mail addresses and passwords. "It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone's account being used for anything other than to flag up the security breach, thus far," the company said in a statement.
"We have no way of knowing which Mumsnetters were affected by this," the company added. "The worst case scenario is that the data of every Mumsnet user account was accessed. That's why we've required every user to reset their password."
Site founder Justine Roberts told BBC News that the attack was discovered when her own user name and password were used to post a message online, and the hacker stated that the Heartbleed bug had been leveraged to access the data.