AfterDawn: Tech news

MacRumors forum hacked and nearly a million accounts compromised, but hacker won't share

Written by Andre Yoskowitz @ 14 Nov 2013 18:50

The Mac and iOS-based news site MacRumors confirmed this week that its forums were attacked by hackers, with 860,000 usernames and passwords being stolen.
Fortunately, the hacker says he will not leak any of the passwords stolen, but MacRumors has still begged users to change their password on the site and on other sites where they might have used the same pass and username combo.

"We're not terrorists," says the attacker, who goes by "lol." "Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place."

The hacker accessed a moderator account for the vBulletin software that runs the site, then escalated their access privileges, eventually dumping a database containing all the usernames, email addresses and passwords. The passwords were MD5 hashed and salted, which means they will be cracked within days if not sooner. MacRumors was upfront with its users: it confirmed that hash/salt is not secure and reported the breach within hours of it occurring, unlike major corporations, many of which have waited days following attacks to say anything.
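The weakness described above is that MD5 is fast, so a salt alone does not slow down guessing against a dumped table. The sketch below is an added example, not code from the article, MacRumors or vBulletin: it wraps stored salted-MD5 hashes in scrypt so the database no longer holds a fast hash, then drops the MD5 layer at the user's next successful login. The legacy scheme `md5(salt + password)`, the record fields and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def legacy_md5(password, salt):
    # Assumed legacy scheme (not stated in the article): hex md5(salt + password).
    return hashlib.md5(salt + password.encode()).hexdigest()

def _scrypt(data, salt):
    # Memory-hard KDF: each guess costs about 16 MiB and far more CPU than MD5.
    return hashlib.scrypt(data, salt=salt, n=2**14, r=8, p=1, dklen=32)

def wrap_legacy(record):
    """Offline migration: store scrypt(md5_hex) in place of md5_hex.
    Needs no plaintext, so every row can be converted immediately."""
    kdf_salt = os.urandom(16)
    return {"scheme": "scrypt(md5)", "md5_salt": record["md5_salt"],
            "kdf_salt": kdf_salt,
            "hash": _scrypt(record["hash"].encode(), kdf_salt)}

def new_record(password):
    kdf_salt = os.urandom(16)
    return {"scheme": "scrypt", "kdf_salt": kdf_salt,
            "hash": _scrypt(password.encode(), kdf_salt)}

def verify_and_upgrade(password, record):
    """Return (ok, record); on success a wrapped record is rewritten as pure scrypt."""
    if record["scheme"] == "scrypt(md5)":
        inner = legacy_md5(password, record["md5_salt"]).encode()
        candidate = _scrypt(inner, record["kdf_salt"])
    elif record["scheme"] == "scrypt":
        candidate = _scrypt(password.encode(), record["kdf_salt"])
    else:
        return False, record  # bare MD5 rows are refused until wrapped
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return False, record
    if record["scheme"] != "scrypt":
        record = new_record(password)  # plaintext is available now: drop the MD5 layer
    return True, record

if __name__ == "__main__":
    # Constructed sample row, not data from the breach.
    salt = b"constructed-salt"
    row = {"scheme": "md5", "md5_salt": salt, "hash": legacy_md5("correct horse", salt)}
    row = wrap_legacy(row)
    ok, row = verify_and_upgrade("correct horse", row)
    print(ok, row["scheme"])
```

Wrapping protects rows that are still in the database; hashes that have already been copied out remain salted MD5, which is why the password change MacRumors asked for is still needed.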

"Consider the 'malicious' attack friendly," added "lol." "The situation could have been catastrophically worse if some fame-driven idiot was the culprit and the database were to be leaked to the public." When asked why he didn't just alert the administrators to the flaw, lol responded by saying that "outside of this hobby, *cough*, I do partake in whitehat activities and try to contribute to some open source projects etc."


5 user comments

Comment 1, 15.11.2013 0:29

"Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place."

Funny how criminals are "Never" responsible for their malicious actions, it's always someone else's fault.

Comment 2, 15.11.2013 11:34

We here in Ireland have just had a major one as well...

More than 1.5 million people are now known to have had personal information compromised by a major security breach at a Co Clare-Ireland based company which manages customer loyalty schemes across Europe.

A Garda (Irish police) investigation has been launched into what is fast becoming one of the worst data breaches in the history of the State.

Comment 3, 15.11.2013 13:58

I'd translate the hacker's comment more as, "Stop worrying, so we have more time to try to access other accounts you may have, that use the same login" ^^' .

Comment 4, 15.11.2013 14:52

Some white hat hackers/crackers will do this to put the frighteners to businesses just to make them aware of their security flaws, but time will tell whether this one is such an example.


Comment 5, 16.11.2013 2:03

When asked why he didn't just alert the administrators to the flaw, lol responded.... because if he had done so do you think they would have acted in such a quick manner to make it known, if at all?
We saw in UK with 'Pleb Gate' & 'NOTW' phone hacking that even when faced with the evidence/truth Organisations, people will go to any lengths to cover it up.
We're all able to take action now on Forums run by the same SW who'd have been oblivious to the problem but for lol going public.
