Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords – Forbes

This story has been updated

British Mensa, the society for people with high IQs, failed to properly secure the passwords on its website, prompting a hack on its website that has resulted in the theft of members’ personal data.

Eugene Hopkinson, a former director and technology officer at British Mensa, stood down this week, claiming that the organization had failed to secure the data of its 18,000 members properly, according to a report in the FT.

Hopkinson claimed that the stored passwords of Mensa members were not hashed, potentially allowing hackers to unscramble them.

That apparent security blunder became all the more serious this week when the society admitted it had been the victim of a cyberattack. The Mensa website is currently unavailable, merely displaying a message saying “site under maintenance”.

Mensa held an emergency directors’ meeting today in which a source tells me it was confirmed that the Mensa site had been hacked this morning, using the of one of the organization’s directors. It was also confirmed at the meeting that there were logs of Mensa members’ passwords stored in plain text. A Mensa member told the FT that the society had sent him his password in plain text within the past year.


Several stashes of Mensa personal data have been posted onto the Pastebin website, although some have subsequently been removed from the site.

Hopkinson told the FT that the Mensa website held lots of sensitive information on its members, including details, instant messaging conversations and IQ scores of both current members and failed applicants.

“If a breach is found to have taken place, I have no faith that the [Mensa] board and office will report it adequately… or take sufficient mitigating action to prevent further harm,” Hopkinson wrote in an open letter announcing his resignation. A fellow board member resigned in protest at the same issue.

Mensa investigation

A spokesperson for Mensa told the FT that member passwords had been encrypted and that the organization was in the process of hashing passwords. The spokesperson denied that passwords were ever sent out in plain text and said that it had handed details of the cyberattack to Britain’s Information Commissioner “with a view to pursuing a criminal investigation”.

Mensa is a non-profit organization, open only to those people who score in the 98th percentile or higher in a standardized IQ test.

I haven’t been able to reach Mensa for comment at the time of publication.

Source: https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/
