Mumsnet founder Justine Roberts and her family were woken by armed police in the middle of the night in a “swatting” attack, following a co-ordinated online campaign which saw the site DDoS-ed last week and at least 11 user accounts hacked.
Roberts claimed in a post on the site that armed police were also sent to the home of a Mumsnet user who interacted with internet troll @DadSecurity online, after a hoax call was phoned through.
“It's worth saying that we don't believe these addresses were gained directly from any Mumsnet hack, as we don't collect addresses,” Roberts explained. “The police are investigating both instances.”
Although that Twitter account has now been taken offline, the person behind it is suspected of co-ordinating a DDoS attack against the parenting site, which is said to attract 14 million visits each month.
The troll is said to have posted provocative comments including “RIP Mumsnet” and “Our DDoS attacks are keeping you offline" on Twitter.
Although the site was taken offline for less than a day around a week ago, it may have been connected to an attempt to hack the accounts of several users and site admins.
“Later on 12 August, it became apparent that someone/ones had hacked into some of Mumsnet's administrative functions, at which point they were able to redirect our homepage to the @DadSecurity Twitter profile page, as well as to edit posts from two users' account and an MNHQ account on our forums,” Roberts explained.
It’s thought that the attacker phished several accounts by tricking users into entering their credentials into a fake log-in page. Some 11 accounts have already been hacked with one user reporting that posts were made by someone other than herself.
“We take great care to protect the information you give us and not to ask for or store any more information than we need to run the site, but though we can’t know how many accounts have been affected, there have been enough breaches for us to ask all Mumsnet users to change their passwords,” Roberts said.
Mumsnet also advised users to check the HTTPS log-in URL is correct or alternatively use a social (Facebook/Google) log-in option.
Kane Hardy, EMEA vice president at Hexis Cyber Solutions, argued that organizations from all industries should take a leaf out of Mumsnet’s book.
“Recognizing that an attack has been successfully and publicly disclosing the (known) details of the incident is the first step in adequately handling the aftermath of a breach,” he said in a statement.
“The next step should include an in-depth analysis of how the attackers were able to execute the breach on hand and collect the necessary information to make efficient decisions on prevention of future similar incidences.”
Ross Brewer, vice president of international markets at LogRhythm, added that organizations need constant monitoring in place to spot unusual behavior immediately.
“Every business will, at some point, be breached and it is no longer about stopping it happening, but rather identifying and remediating the situation as soon as possible,” he argued.
“The longer a hacker is able to roam free, the more information they can get and, in order to limit the damage both on and offline, getting them out as soon as possible is imperative.”