Parenting website Mumsnet is victim of hackers
Mumsnet, which has more than one million UK members, revealed it had asked members to alter their passwords after discovering that hackers had exploited the so-called Heartbleed bug to steal members' data. It is the first company in Britain to announce a data loss.
It came as Canada's tax authority confirmed that it had also fallen foul of the Heartbleed security breach.
In a statement yesterday, Mumsnet said it had first become aware of the problem last Thursday and immediately ran tests to check whether its servers were at risk.
Technicians subsequently applied what is known as the 'Heartbleed patch' to fix the security hole exposing them to the threat from hackers.
However, some members' details had already been stolen.
Founder Justine Roberts said: "It became apparent that users' data submitted via our login page had been accessed prior to our applying this fix.
"As a result, we decided to require all registered Mumsnet users to change their passwords. We have no way of knowing which or how many accounts were affected but have advised users to change passwords on other sites, particularly if they use the same password on Mumsnet as elsewhere."
The Heartbleed bug is a breach in the encryption used to mask the sensitive data passed between computers and servers when users are online.
It has put details such as credit card accounts and passwords at risk.
The flaw was discovered a week ago, having gone undetected for more than two years.
Last week, blogging site Tumblr urged all users to change their passwords immediately to prevent personal and sensitive data being stolen.