X

New social network Menshn launches in UK with security holes

Hackers have already found digital leaks in the twitter-style social network from Conservative MP Louise Mensch.

Tom Davenport
Tom Davenport spent several years flirting with music production before admitting he preferred writing about technology online. He once performed in a Superbowl commercial, but you'll never find it online. Tom is a freelance writer and is not an employee of CNET.
Tom Davenport
2 min read

Menshn, the new Twitter-inspired social network from Conservative MP Louise Mensch, has been criticised after users discovered major security issues.

Mrs Mensch founded the site with Luke Bozier, a former Labour aide with digital skills who jumped to the Conservative ship in January. "Twitter is just too random," he said at the launch event. "We want to encourage people to have conversations rather than broadcast their thoughts." It's not a bad idea, but this sort of site needs a flawless launch to win over the digital elite.

Menshn works much like Twitter, but centres around pre-approved chat rooms such as 'tech' and 'ukpolitics'. You can post up to 180 characters to cram extra debatiness into each message, which improves on the classic 140 offered by Twitter, though the idea is to fill it with substantive discussion rather than what you ate for breakfast.

It launched in the UK yesterday after a trial run in the US, to coincide with the ill-fated England v Italy match. But before Italy fired in their final winning penalty, hackers had started exposing weaknesses in the startup.

"If you're using Menshn, don't," programmer James Coglan tweeted. "It's full of trivial web security holes." He outlined a way hackers could intercept emails and passwords from new signups, and says he also found a way to hijack other Menshn accounts.

Meanwhile, prankster (and developer) Syd Lawrence found a less harmful exploit which let him rise up the chart of top users, overtaking Mensch herself. "It only took three lines of code to up-vote my posts," said Lawrence, who enjoyed experimenting with the site, but warned that password security is no joke.

"I reached out to the site owners, but they just claimed there were no issues. It sounded like they were too practiced at sweeping bad news under the carpet, when they could have accepted our help and fixed it in private," he told me.

Menshn staff denied there were any issues, with Bozier insisting the hacker's claims were unfounded.

Today, Bozier accepts there were problems with the site, but all serious flaws have been fixed overnight. "There were a couple of real security issues yesterday, but all have been resolved and no, I repeat no, user data has been stolen or lost," he told me. "Menshn is a safe, secure environment."

He'll also have to convince the Information Commissioner's Office, which told me it will investigate the site's issues and its lack of privacy policy.

Having had another poke around, Coglan confirms that the site is in better shape today, but warns anyone who signed up before last night to change their password anyway to be extra safe. And while you're at it, why not brush up your general password security with an app like LastPass?

Have you tried the new Menshn site? Let us know if you think it's a serious social contender in our comments, or on our Facebook page.