Better get those passwords changed sharpish. Especially those of you that frequent mumsnet. Just spent nearly an hour doing mine. Never going to remember any of them.

http://www.bbc.co.uk/news/technology-27028101

Mumsnet passwords got taken up the Oxo Tower?

Couldn’t have happened to a better site – qua moaning and panic from mums all over.

Penis beaker is still the best forum discussion ever though!

Did the hack involove some kind of back door exploit?

are we sure it wasn’t hora

ChubbyBlokeInLycra – Member
Did the hack involove some kind of back door exploit?

Their security arrangements are going to have to be analysed in depth.

To be fair to Mumsnet,

They’re notable not in so far as they’re the first UK site to be hacked per sé, but rather that they’re the first to know about it. Which is a subtle but important difference. Someone posted a spoofed message, then ‘fessed up that they’d compromised the account with a HB exploit.

It’s easy to point and laugh, but the fact is that they could easily be the latest one of many and we’d never know. I’ll wager that much bigger fish will fry before this all blows over.

What’s the point in changing passwords until they mend the weakness ?

You’ll just have to change them all again anyway.

Surely those with different passwords for different sites should be fine too, it’s all those who have the same word for everything who really need to worry.

What’s the point in changing passwords until they mend the weakness ?

They have fixed it.

coolhandluke – Member

Surely those with different passwords for different sites should be fine too

and only change those that have been confirmed as compromised as and when, right?

and only change those that have been confirmed as compromised as and when, right?

no, the problem with heartbleed is that there’s no evidence stuff’s been taken until it’s used.

best bet is to wait until you know the patch is installed and then change the password, not wait to find a problem with your account.

So in the absence of knowing whether a particular site has been patched, just wait or change them all anyway?

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

Change them all as a precaution as I bet it’s a couple of years (or never) since you last changed them anyway.

So in the absence of knowing whether a particular site has been patched, just wait or change them all anyway?

Change any you’re concerned about being exposed.

Change any you’re concerned about being exposed.

We’re talking pants here, right?

Change them all as a precaution as I bet it’s a couple of years (or never) since you last changed them anyway.

Too true – you can’t be too careful about making sure you’re protected against security weaknesses, however remote they might seem and no matter how useless the info seems. After all, as far as these hackers are concerned, any hole’s a goal.