Cyber Security

British Mensa website hacked after directors quit over ‘data protection failures’

Published

on

The British Mensa website has suffered a cyber-attack following reports from disgruntled employees that the organization failed to protect its members’ data.

British Mensa, which has around 18,000 members, fell victim to an unknown actor last week, forcing its website offline.

The site is currently serving a 503 Service Unavailable error, while a static page states it is “under maintenance”.

Attack

Forbes reported that the British Mensa site had been accessed using the credentials of one of the organization’s directors.

This comes after two directors quit their roles due to concerns that Mensa was not hashing members’ passwords.

Eugene Hopkinson, Mensa’s technology director, told the Financial Times that he stood down after the organization failed to properly protect sensitive data records.

Mensa, a members’ club for those with an IQ of 148 and above, holds data such as the IQ scores of members and failed applicants, instant messaging conversations on its website, payment card numbers, passwords, email details, and home addresses, according to Hopkinson.

Hopkinson accused British Mensa of not hashing the passwords, claiming he has been in a battle with the group on the subject since 2018.

Emily Shovlar, a fellow British Mensa director, has also quit her role due to data security concerns.

A spokesperson told the Financial Times that passwords were encrypted and have never been sent out in plaintext, adding that the hashing of passwords is “being completed”.

The Daily Swig has reached out to British Mensa for more information on the cyber-attack.

Source: https://portswigger.net/daily-swig/british-mensa-website-hacked-after-directors-quit-over-data-protection-failures

Click to comment
Exit mobile version