Following a series of incidents earlier this month, popular parenting site Mumsnet has reported further attacks, including a second DDoS attack, which took the site offline on Monday 24 August. A post answering FAQs and providing live updates said:
“This attack was double the size of the previous one and was distributed across many servers but we have no reason to believe that any security breaches occurred, the intention was to take the site offline rather than to hack into it.”
More alarmingly for Mumsnet users, another poster was targeted by a swatting attack when police were called to her home.
Security vulnerabilities have been patched and all accounts have been reset again, this time requiring users to select complex passwords.
Mumsnet understands that login details were gained through phishing attacks:
“As we’ve said, Mumsnet passwords are encrypted and we use the recommended algorithms for this, with high-strength settings. With phishing, where a hacker gets a user to enter their username and password into a form from which they can capture that information, the hacker doesn’t need to decrypt anything; they capture the password in the browser as it is entered (either by typing it, or if it was automatically remembered by the user’s browser or password manager).
“The list of passwords that has been published includes some that users have identified as being ones that they’ve mistyped. Our database wouldn’t have mistyped ones, only accurate ones, whereas those collected by recording what a user submits would and does contain errors.”
Phishing is a very real problem for numerous companies, not just Mumsnet. Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 8 million are opened, 800,000 recipients click on the links, and 80,000 of them unwittingly hand over their information to criminals.
A recent Vormetric Report found that 89% of organisations felt at risk from insider threats – including the threat posed by careless or ignorant staff. If your company supports BYOD (bring your own device), you’ll want to make sure your staff are aware of potential phishing attacks.
IT Governance has produced a handy free infographic to illustrate the threat that phishing poses to organisations. Click here >>