Mumsnet hit as Heartbleed spreads

Mumsnet has become the first high profile UK victim of the Heartbleed bug, although the potential theft of its 1.5 million users’ personal details is likely to be the just the tip of the Heartbleed iceberg, according to security experts.
The social networking site first noticed something was awry when a hacker logged on using co-founder Justine Roberts’ own username and password to post a message online.
Roberts said the hackers then informed Mumsnet’s administrators that the attack was linked to the Heartbleed flaw and told them the company’s data was not safe.
News first broke about the existence of the Heartbleed bug last week and it has kicked off a frenzy of activity as online giants rush to reassure customers that their data is safe, while others bring out so-called “patches” to fix the issue.
However, the scale of the problem appears to be escalating by the day. Initial reports claimed that hundreds of thousands of web and email servers worldwide which run open source software were under threat, but now it has emerged that it could also hit consumer devices.
Hardware including smartphones, routers and cable boxes are all potentially affected, posing the risk of anything from data theft to attackers seizing control of the vulnerable device.
President of security firm Lieberman Software Philip Lieberman told the Guardian: “Network-connected devices often run a basic web server to let an administrator access online control panels. In many cases, these servers are secured using OpenSSL and their software will need updating.
“However, this is unlikely to be a priority. The manufacturers of these devices will not release patches for the vast majority of their devices.”
Some manufacturers have confirmed that their devices are not affected. Belkin says that its routers, as well as those of its Linksys subsidiary, are safe.
But networking giant Cisco has confirmed that a number of its products are vulnerable, including desktop phones and video conferencing hardware. It is investigating a further 83 products for potential vulnerabilities. “The list of compromised devices is huge,” Lieberman said.

1 Comment on "Mumsnet hit as Heartbleed spreads"