On 11 August Mumsnet was hit by a DDoS attack on behalf of @DadSecurity, who later resorted to swatting attacks and claimed to have stolen user account data from the site. If you are a Mumsnet user, you need to take action now.
Mumsnet hack: What is a DDoS attack?
DDoS is short for Distributed Denial of Service. This is whereby multiple computers are compromised and then used to send requests to its victim, a single system that is overwhelmed by the incoming traffic and unable to keep up its usual service.
In this case the DDoS attack was triggered by @DadSecurity, and Mumsnet’s servers were its victim.
@DadSecurity has already claimed responsibility on Twitter for the DDoS attack, tweeting such things as “RIP Mumsnet” and “Our DDoS attacks are keeping you offline.”
Mumsnet hack: What is swatting?
The @DadSecurity attack hasn’t merely been a standalone DDoS attack. Swatting is a practice in which the police are called and informed that there is sufficient danger to someone’s life that a police Swat team is immediately sent to their home.
At least two Mumsnet users have already fallen victim to swatting attacks. The first had an armed response team arrive at their house after the police were told that an armed man was prowling around. The second, a Mumsnet user who was told on Twitter by @DadSecurity to “prepare to be swatted by the best”, later had a Swat team arrive at their home.
Although @DadSecurity is claiming to have stolen data in the Mumsnet hack, and has since been able to gain access to some of the site’s admin functions, it’s important to note that these addresses were not obtained through the hack: Mumsnet does not collect user addresses, so do consider where else online this information might be available.
Nevertheless, if you are a Mumsnet user it’s understandable that you will want to protect your data getting into the wrong hands.
Mumsnet hack: What you need to do now
Although Mumsnet user passwords are encrypted, @DadSecurity has found a way to access them – most likely through phishing, whereby you are tricked into logging into a false Mumsnet login page and therefore give the hacker your login credentials.
In the event that @DadSecurity has already obtained your password, it’s important that you change it now. You can change your Mumsnet password by visiting https://www.mumsnet.com/password-reset/reset.
Make sure you choose a strong password that isn’t easily guess – here’s some advice on how to create a strong password.
You can also protect yourself from phishing attempts to steal your login data by using the option to log in via Facebook or Google, and ensure you log in only via https://www.mumsnet.com/session/login.
Another thing to watch out for: the site URL should start with https:// – if it doesn’t then do not log in.