Establishing Digital Trust: Don't Sacrifice Security for Convenience
MacRumors owner Arnold Kim recently announced that the site's forums had been hacked in a manner similar to the breach of the Ubuntu Forums in July 2013, which exposed more than 1.82 million forum users' e-mail addresses and hashed passwords (h/t Ars Technica).
With the help of a third-party security researcher, Kim said, he was able to determine that at least some of the MacRumors Forums' 860,000 users' information was obtained. "In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known," he wrote.
Kim said the breach occurred when a moderator account was accessed by the hacker, who was then able to escalate their privileges in order to steal user login credentials.
Later, the hacker posted a statement on the MacRumors Forums claiming, "[W]e're not going to 'leak' anything. There's no reason for us to. There's no fun in that. Don't believe us if you don't want to, we honestly could not care less."
"Consider the 'malicious' attack friendly," the hacker added. "The situation could have been catastrophically worse if some fame-driven idiot was the culprit and the database were to be leaked to the public."