MacRumors forum hacked more than one million of users at risks

Pierluigi Paganini November 13, 2013

MacRumors, the Mac news and information website and user forums, was hacked, more than 860,000 accounts were potentially compromised.

MacRumors, the popular Mac news and information website and user forums have been hacked this week, according the first news circulating on the internet more than 860,000 accounts were potentially compromised on the total of 1.8 million registered members the site claimed to have today.

The owner of the MacRumors website, Arnold Kim, confirmed the hack and apologized for the incident, he also revealed that a hacker compromised a moderator account to penetrate the platform, once inside he has escalated its own privileges to steal user credentials.

We are looking into it further to see if there was another exploit, but there hasn’t been any evidence of it yet.

The hacker accessed to the usernames, emails and hashed passwords of the MacRumors website accounts, the users have been informed of the necessity  to change their passwords on the forums to avoid consequences. It’s known that the MD5 hashing method is not considered safe to use on commercial websites, hackers in fact could easily go back to the original passwords.

As usual more exposed are those users that share the same credentials between different web services.

macrumors breach 640x384
Arnold Kim sustains that MacRumors had been hacked in a similar manner to the Ubuntu forums , he also promised to improve the security of the platform to avoid future problems.

We are still working to get the forums fully functional and more secure,”

In a first time Kim confirmed that, according to the Log file, the hacker tried to access the password database, but there are no indications that the passwords are circulating online in any form, but he successively reported to Threatpost that the attacker behind the MacRumors Forums data breach was “friendly” and that none of the data accessed will be leaked. Arnold Kim confirmed to Threatpost journalists that the hacker posted on the forums a message to the community.

To proof the hack the hacker posted a portion of Kim’s password hash and salt, he also blamed a MacRumors Forums moderator whose credentials was stolen and used to access the password database.

“We’re not going to ‘leak’ anything. There’s no reason for us to. There’s no fun in that. Don’t believe us if you don’t want to, we honestly could not care less,” the hacker wrote.

The hacker confirmed that 860,106 passwords were dumped, and 488,429 still had a salt at least three bits long.

“Anyone that’d been active recently will have a longer salt, which will slow down the hash cracking by a fraction of the time it would have taken (duplicate salts = less work do, it’s like to have many with a 3 bit salt),” the hacker’s post said. “We’re not ‘mass cracking’ the hashes. It doesn’t take long whatsoever to run a hash through hashcat with a few dictionaries and salts, and get results.”“We’re not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place,” the hacker wrote.

The hacker blamed the users for bad habit of re-using passwords instead to criticize the security offered by MacRumors platform, he also added that the credentials are not being exploited to log into a web-based email accounts or other online services.

Pierluigi Paganini

(Security Affairs – MacRumors , hacking)

you might also like

leave a comment