Hack of MacRumors forums exposes password data for 860,000 users

  • 13 November 2013
  • 2 replies
  • 2 views

Userlevel 7
Badge +54
MacRumors user forums have been breached by hackers who may have acquired cryptographically protected passwords belonging to all 860,000 users, one of the top editors of the news website said Tuesday evening.

"In situations like this, it's best to assume that your MacRumors Forum username, e-mail address and (hashed) password is now known," Editorial Director Arnold Kim wrote in a short advisory. He went on to advise users to change their passwords for their MacRumors accounts and any other website accounts that were protected by the same passcode.

The MacRumors intrusion involved "a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials," Kim said. The company is still investigating how the attacker managed to compromise the privileged account.

"We're not sure how the original moderator's password was obtained, but it seems like they just logged in with it," Kim wrote in an e-mail to Ars. "We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it yet." Kim also told Ars that log files examined so far seem to indicate the intruder "tried to access" the password database. At this early stage, there are no indications that the passwords, either in cryptographically hashed or cracked format, are circulating online. There's also no sign that the hackers were able to access any other data than that belonging to the use forums.
 
Full Topic

2 replies

Userlevel 7
Hope it will never happen to this Webroot Community site.
Userlevel 7
Thanks for posting the story, Jasper_The_Rasper . There is a follow-up to this story (posted yesterday on ARS Technica). Looks like the hacker, who goes by the name of Lol, has pledged that he's not using the passwords to log into any other user accounts and "has no plans to use it to mass compromise the accounts of poeple who use the same login credentials on other sites." Naturally, ARS advises readers to be skeptical and not take his word for it.

Reply