Skip to main content

MacRumors forums hacked exposing passwords of 860,000 users

The popular MacRumors forums were breached on Monday in a targeted attack.

It is possible that the hackers obtained the usernames, emails and cryptographically protected passwords of all 860,000 users, the site's owner revealed on Tuesday.

"Yesterday, the MacRumors Forums were targeted and hacked in a similar manner to the Ubuntu forums in July," Arnold Kim wrote in a post on the site.

"We sincerely apologize for the intrusion, and are still investigating the attack with the help of a 3rd party security researcher. We believe that at least some user information was obtained during the attack."

He said the intrusion involved the hacker gaining access to a moderator account, which then allowed the intruder to escalate their own privileges with the goal of stealing user login credentials.

Kim then issued the standard recommendation to users that they change their passwords on the forums, as well as any other sites or services where the same password has been used.

"Also, you should generally keep separate passwords for every service, for situations just like this, he added. "To help manage distinct passwords for every website, you can use a password manager such as Lastpass, 1Password or iCloud keychain in Mavericks."

As the breach was similar to that of the Ubuntu forums attack, while MacRumors is investigating, Kim has pointed users to Canonical's postmortem of the attack on their service in July.

"In summary, the root cause was a combination of a compromised individual account and the configuration settings in vBulletin, the Forums application software. There was no compromise of Ubuntu itself, or any other Canonical or Ubuntu services," the firm explained in a blog post.

"We're not sure how the original moderator's password was obtained, but it seems like they just logged in with it," Kim added in an email to website "We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it yet."

Users have reacted fairly angrily to the news. One wrote: "Why were you storing our passwords in the first place? You are supposed to store an irreversible hash of them instead."

Another said: "You could have ****ing told us as soon as it happened, the forum had been in maintenance mode for ages, why not tell us as soon as you put it like that?"