Private messages between Mensa forum members are leaked onto the internet

D’oh!

Graham Cluley
@gcluley

There’s still some confusion about precisely what has been going on at the British branch of Mensa, the club for people who have scored highly in an IQ test but who feel their social lives would be improved by hanging out with other people who chose to join a club after scoring highly in an IQ test.

As previously reported, Eugene Hopkinson is no longer the British Mensa board’s technology officer.

Whether that’s because he resigned the role or was kicked out depends on who you ask.


But Hopkinson did tell the Financial Times that he believed Mensa was storing sensitive information about members insecurely.

Mensa UK’s website has been offline ever since, claiming it is down for maintenance.

Obviously the news reports must have concerned many members of Mensa, who were sent an email by the British Mensa chairman, Chris Leek.

We apologise to anyone who has been inconvenienced while the Mensa website has been offline.

It was taken down to allow a full and uninterrupted investigation into a suggestion the Mensa database (that contains information about members) had been breached during a “brute force attack” on January 20.

Considerable efforts have been put in by all our IT contractors and an independent security company to establish whether any member data was accessed in that incident.

We can now tell you that the Mensa database was NOT accessed during that “attack”, and, it follows, no member data was accessed.

In the interests of transparency, we can confirm that there have been two separate incidents where limited personal data of a few members and officers of Mensa has been exposed for a short period of time in the forum area of our website.

It would be good to have a little more detail about these “two separate incidents,” but at the moment Mensa is keeping schtum.

However, over 35MB of files containing over 700 private conversations between members of the Mensa UK forum have been posted on computer underground websites.

From my examination of them, some contain strongly-held opinions about other Mensa members that I suspect the senders would not appreciate being made public.

(I’ve redacted personal information from the screenshot to protect the innocent. I feel there’s no need to mention the name of the sender, the recipient, or the “prat”)

Some of the private messages contain personal information of Mensa members, including their email addresses and telephone numbers.

Amongst those who have had their private messages exposed is the unfortunately-named Chairman of Mensa UK, Chris Leek.

For further discussion, make sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #213: 'No security smarts at Mensa, long-term identity theft, and GameStop's share frenzy'





Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

9 comments on “Private messages between Mensa forum members are leaked onto the internet”

  1. Concerned Mensa member here. This is after Leek emailed members to categorically deny there was any leak. They're obviously just lying through their teeth at this point. Can you share any more info about what exactly was leaked – private messages, but in what format? Your screenshot appears to show a messaging app of some kind – what is that? Does the data contain any indication of the source?

      1. The "Leek" that you are claiming was misspelled was actually a reference to "…the British Mensa chairman, Chris Leek." The word "leak" was spelled properly when referring to any data that may have been leaked.
        Perhaps you should read the entire article before posting snarky remarks.

1. I agree. I could tell it was someone’s name or a media business, as there was a proper noun defined by the capital letter. But I did notice that I should probably be allowed to join Mensa, because there are misspellings. I noticed one two words into the quoted website and the original as the article quoted it. “Apologize” is spelled with a “Z”. Not sure who does Mensa’s site. But yeah… that was a cringe word to misspell.

    1. The screenshot is from the private messaging feature of the Mensa forums.

      The source isn't clear, but other members who have seen the leaked files have said the code in the files implies that an account with admin access on the website was used to collect them. Whether an actual admin or an attacker isn't known yet.

      Chris Leek's account was previously used to post member data on the forum. However, I don't see why he would have admin access to the website.

  2. I'm a member of Mensa. I've been in the LinkedIn groups and the Facebook groups and I've seen the discussions. There is nothing particularly juicy or salacious that will be exposed by seeing private group conversations. They're all basically filled with same prattle you'd see on any other open forum on the internet, just with bigger words used.

3. Whoever wrote this doesn't like Mensa, most likely because they couldn't get into it. They tried their best to make the Mensa society sound petty by calling it a "club for people who scored highly on an IQ test". The secondhand shame from watching someone get bitter on a literal news blog. Oof.

    1. From Mensa's own website:

      "In order to join Mensa, you have to take an approved intelligence test – one which has been properly administered and supervised; and in that test, you need to attain a score within the upper two percent of the general population."

      So, I think my description of Mensa is correct. Isn't it?

      FWIW, no I have never applied for Mensa membership and cannot see any situation where I would – regardless of my ability or otherwise to make the grade.
