Mumsnet has become the first high profile British website to admit its users' personal data was accessed by hackers via the Heartbleed bug sweeping across the internet.
Hackers may have been able to see usernames, passwords and email addresses.
The site says: "It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone's account being used for anything other than to flag up the security breach, thus far."
Mumsnet also points out that despite its best efforts - like everyone else - it cannot give any cast-iron guarantees that its users' data are now safe, adding: "If there's one thing we've all learned from Heartbleed, it's that there may be security vulnerabilities out there that nobody knows about."
Heartbleed is caused by a flaw in OpenSSL, one of the ways users' data is scrambled as it's passed between online services. In short, the Heartbleed bug unscrambles the data, allowing hackers to see it in full.
At the same time, Canada's tax agency has also had to admit a data breach due to Heartbleed.
The Canada Revenue Agency acted swiftly, putting a SSL patch to fix the bug last Tueesday, but it apparently came too late.
A message on its homepage reads: "The CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period.
"Based on our analysis to date, social insurance numbers of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability."
Anyone affected will get credit protection services "at no cost".
Some 500,000 sites are thought to be at direct risk from Heartbleed.
The bug allows attackers to "eavesdrop on communications, steal data directly from the services and users and to impersonate services and users", and the digital media industry appears to have been caught off guard in a big way.