Skip to main content

Mumsnet targeted by DDoS and phishing cyberattacks

It is being reported that a number of Mumsnet accounts have been taken over by hackers.

Users of the website, which hosts blogs and forums devoted to parenting, have been advised to change their passwords immediately as a result of the attack.

Read more: Cheaters beware: Ashley Madison hackers leak data online

It appears as though the hackers are not attempting to gain financially from the cyberattack, but rather it is just the latest example of “Internet trolling.” The founder of Mumsnet, Justine Roberts, was also the victim of a hoax phone call that claimed a gunman had been viewed nearby her house, resulting in armed police being dispatched in what is referred to as a “swatting attack.”

In addition, at least 11 user accounts have also been hacked, with Mumsnet members reporting that hackers are making posts falsely under their names. It is believed that the account details were acquired through some form of phishing attack, most probably by creating a fake Mumsnet login page.

Ms Robert added that subsequent DDoS attacks were serious enough to force the website offline and that the site’s security policy is now being updated.

“Yesterday afternoon the tech team found the hole that was accessed to capture user login data via phishing and patched it,” she said. “Then, as you probably know, we forced another password update requiring higher security passwords last night (once we'd rebutted a further DDoS attack). We are undergoing full security testing by external experts over the next few days to determine if there are any other weaknesses that might be exploited. We'll update you when that process is completed.”

Read more: Target confirms $67m Visa settlement over 2013 hack

However, this is not the first time that Mumsnet has been targeted by online hackers. Back in April 2014, the Heartbleed vulnerability was exploited by hackers to obtain sensitive user information.