Heartbleed hack steals data from Mumsnet

The leading UK site for parents has had users' data compromised by hackers using the 'Heartbleed' exploit. Technology firms have urged the public to change passwords amid fears the Heartbleed bug could leave sensitive data vulnerable to hackers.

Latest ITV News reports

Heartbleed hack steals data from Mumsnet


The leading UK site for parents has had users' data compromised by hackers using the 'Heartbleed' exploit.

Mumsnet sent an email to users, warning that the hackers may have obtained passwords and personal messages before network administrators were able to fix the vulnerability.

The website has urged all users to change their passwords.


NSA deny knowing about the Heartbleed bug

The National Security Agency (NSA) have denied that they were aware of the Heartbleed bug before the security flaw was made public.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.

The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services.

If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

– Spokesperson Caitlin Hayden, US National Security Council

The denial follows claims the NSA had known about the flaw for up to two years.


NSA 'knew about Heartbleed and used it to mine data'

A padlock logo indicates that a company is using the OpenSSL security programme with the flaw. Credit: Tim Goode/EMPICS Entertainment

The US National Security Agency (NSA) knew about the Heartbleed bug for at least two years before it was revealed, according to Bloomberg.

One person 'familiar with the matter' told the news agency that the NSA preferred to keep the bug secret in order to harvest the private data the flaw exposed.


Heartbleed hackers could target 'unpatched systems'

The US Government have warned that hackers are attempting to exploit the 'Heartbleed' bug by scanning networks to see if they are vulnerable, saying they could now "exploit unpatched systems".



Larry Zelvin, a Department of Homeland Security official who runs an agency centre that monitors and responds to emerging cyber threats, said on his White House blog:

"While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems."

Security firm sets up website on Heartbleed bug

Finnish security firm Codenomicon has set up a dedicated website to give people information about the Heartbleed bug, a glitch in the OpenSSL security product that may have put internet users' personal data at risk.

It comes after the firm, along with Google Security, revealed earlier this week that the bug had gone undetected for two years and could be used by hackers to steal sensitive information such as passwords.



Public urged to 'change every password' amid bug worry

Several technology companies have urged the public to reset their passwords amid fears of a major security problem with a product used to protect people's personal data.

The Heartbleed bug affects OpenSSL, which many companies use to protect sensitive information, including people's passwords.

A small padlock icon appears on websites using OpenSSL to reassure users, but the loophole in the programme could have left it open to exploitation by hackers.

The log-in page for an online bank shows the OpenSSL padlock icon. Credit: Tim Goode/EMPICS Entertainment

Blogging platform Tumblr posted a public notice about the bug, advising users to "take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking".

Finnish security company Codenomicon also said it would be "a good idea" to change potentially vulnerable passwords.