7 updates
9 April 2014

Heartbleed hack steals data from Mumsnet

The leading UK site for parents has had users data compromised by hackers then using 'Heartbleed' exploit. Technology firms have urged the public to change passwords amid fears the Heartbleed bug could leave sensitive data vulnerable to hackers.

Live updates

The Mumsnet logo Credit: Mumsnet

The leading UK site for parents has had users data compromised by hackers then using 'Heartbleed' exploit.

Mumsnet sent an email to users, warning that the hackers may have passwords and personal messages before network administrators were able to fix the vulnerability.

The website has urged all users to change their passwords.

Read: Heartbleed hackers could target 'unpatched systems'

The National Security Agency (NAS) have denied that they were aware of the Heratbleed bug before the security flaw was made public.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.

The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services.

If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

– Spokesperson Caitlin Hayden, US National Security Council

The denial follows claims the NSA had known about the flaw for up to two years.

Read more: NSA 'knew about Heartbleed and used it to mine data'

A padlock logo indicates that a company is using the OpenSSL security programme with the flaw. Credit: Tim Goode/EMPICS Entertainment

The US National Secutiry Agency (NSA) has knew about the Heartbleed bug for at least two years before it was revealed, according to Bloomberg.

One person 'familiar with the matter' told the news agency that the NSA preferred to keep the bug secret in order to harvest the private data the flaw exposed.

The US Government have warned that hackers are attempting to exploit the 'Heartbleed' bug by scanning networks to see if they are vulnerable, saying they could now "exploit unpatched systems".

An illustrated picture shows source code of a computer. Credit: Sebastian Kahnert/DPA

Larry Zelvin, a Department of Homeland Security official who runs an agency centre that monitors and responds to emerging cyber threats said on his White House blog:

"While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems."

While big companies such as Facebook rush to secure their sites against a major security flaw, many smaller sites could be at risk.

Read the full story ›

Finnish security firm Codenomicon has set up a dedicated website to give people information about the Heartbleed bug, a glitch in the OpenSSL security product that may have put internet users' personal data at risk.

It comes after the firm, along with Google Security, revealed earlier this week that the bug had gone undetected for two years and could be used by hackers to steal sensitive information such as passwords.

Read: 'Change every password' warning over Heartbleed bug

Several technology companies have urged the public to reset their passwords amid fears of a major security problem with a product used to protect people's personal data.

The Heartbleed bug affects OpenSSL, which many companies use to protect sensitive information, including people's password.

A small padlock icon appears on websites using OpenSSL to reassure users, but the loophole in the programme could have left it open to exploitation by hackers.

The log-in page for an online bank shows the OpenSSL padlock icon Credit: Tim Goode/EMPICS Entertainment

Blogging platform Tumblr posted a public notice about the bug, advising users to "take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking".

Finnish security company Codenomicon also said it would be "a good idea" to change potentially vulnerable passwords.

Latest ITV News reports

Heartbleed bug 'could affect 50% of websites'

While big companies such as Facebook rush to secure their sites against a major security flaw, many smaller sites could be at risk.

Heartbleed hack steals data from Mumsnet

Live updates

Heartbleed hack steals data from Mumsnet

NSA deny knowing about the Heartbleed bug

Advertisement

NSA 'knew about Heartbleed and used it to mine data'

Heartbleed hackers could target 'unpatched systems'

Heartbleed bug 'could affect 50% of websites'

Security firm sets up website on Heartbleed bug

Advertisement

Public urged to 'change every password' amid bug worry

Latest ITV News reports

Heartbleed bug 'could affect 50% of websites'

UK's top civil servant Sir Mark Sedwill to stand down

Controversial appointment of Brexit aide as National Security Adviser

Scotland records no new virus deaths for third day running

'UK on a knife edge ahead of further lockdown easing'

What does lockdown lifting look like across the UK?

Check coronavirus cases in your area with our interactive map

What can you expect when pubs, bars and restaurants reopen?

US President retweets video containing 'white power' chant

Leicester could see local lockdown following rise in coronavirus cases

Biden slams Trump over report Russia paid militants for attacks