There’s still some confusion about precisely what has been going on at the British branch of Mensa, the club for people who have scored highly in an IQ test but who feel their social lives would be improved by hanging out with other people who chose to join a club after scoring highly in an IQ test.
As previously reported, Eugene Hopkinson is no longer the British Mensa board’s technology officer.
Whether that’s because he resigned the role or was kicked out depends on who you ask.
But Hopkinson did tell the Financial TImes that he believed Mensa was storing sensitive information about members’ insecurely.
Mensa UK’s website has been offline ever since, claiming it is down for maintenance.
Obviously the news reports must have concerned many members of Mensa, who were sent an email by the British Mensa chairman, Chris Leek.
We apologise to anyone who has been inconvenienced while the Mensa website has been offline.
It was taken down to allow a full and uninterrupted investigation into a suggestion the Mensa database (that contains information about members) had been breached during a “brute force attack” on January 20.
Considerable efforts have been put in by all our IT contractors and an independent security company to establish whether any member data was accessed in that incident.
We can now tell you that the Mensa database was NOT accessed during that “attack”, and, it follows, no member data was accessed.
In the interests of transparency, we can confirm that there have been two separate incidents where limited personal data of a few members and officers of Mensa has been exposed for a short period of time in the forum area of our website.
It would be good to have a little more detail about these “two separate incidents,” but at the moment Mensa is keeping schtum.
However, over 35MB of files containing over 700 private conversations between members of the Mensa UK forum have been posted on computer underground websites.
From my examination of them, some contain strongly-held opinions about other Mensa members that I suspect the senders would not appreciate being made public.
(I’ve redacted personal information from the screenshot to protect the innocent. I feel there’s no need to mention the name of the sender, the recipient, or the “prat”)
Some of the private messages contain personal information of Mensa members, including their email addresses and telephone numbers.
Amongst those who have had their private messages exposed is the unfortunately-named Chairman of Mensa UK, Chris Leek.
For further discussion, make sure to listen to this episode of the “Smashing Security” podcast: