Apple gossip site says protection around the passwords might not stop them being brute forced
Apple-focused website MacRumors has admitted a breach of its systems, telling its 860,000 users to reset their passwords.
Editorial director Arnold Kim said the hack was similar to that of the Ubuntu forums earlier this year. “We sincerely apologise for the intrusion, and are still investigating the attack with the help of a third party security researcher. We believe that at least some user information was obtained during the attack,” he told users, in a brief advisory.
“In situations like this, it’s best to assume that your MacRumors Forum username, email address and (hashed) password is now known.
“Canonical provided a post-mortem of the Ubuntu forums attack on their blog. Our case is quite similar, with a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials.
“We are still working to get the forums fully functional and more secure. Again, we are very sorry for the breach.”
It’s currently unclear whether the hashed passwords have been leaked online, but there is no evidence MacRumors user accounts have been compromised.
According to a separate post from Kim, the passwords were protected with the standard MD5 hash and salt. Worryingly for users, Kim admitted those functions were “not that strong, so assume that your password can be determined with time”.
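One way a site holding salted MD5 hashes can harden them without waiting for every user to log in, shown as an added example that is not code from MacRumors or the original article. The MD5 construction (salt + password), the record fields and the PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def legacy_md5(password: str, salt: bytes) -> bytes:
    """Assumed legacy scheme: one MD5 pass over salt + password."""
    return hashlib.md5(salt + password.encode("utf-8")).digest()


def _stretch(data: bytes, salt: bytes) -> bytes:
    # Slow, salted key derivation: each guess costs PBKDF2_ITERATIONS HMAC calls.
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ITERATIONS)


def wrap_legacy(md5_digest: bytes, md5_salt: bytes) -> dict:
    """Offline migration: harden a stored MD5 digest without knowing the password."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "md5_salt": md5_salt,
            "kdf_salt": kdf_salt, "hash": _stretch(md5_digest, kdf_salt)}


def new_record(password: str) -> dict:
    """Target scheme: PBKDF2 directly over the password, no MD5 involved."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2", "kdf_salt": kdf_salt,
            "hash": _stretch(password.encode("utf-8"), kdf_salt)}


def verify(password: str, record: dict):
    """Return (ok, record_to_store); wrapped records are upgraded on a good login."""
    if record["scheme"] == "pbkdf2(md5)":
        inner = legacy_md5(password, record["md5_salt"])
        candidate = _stretch(inner, record["kdf_salt"])
    elif record["scheme"] == "pbkdf2":
        candidate = _stretch(password.encode("utf-8"), record["kdf_salt"])
    else:
        return False, record  # unknown scheme: fail closed
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    if ok and record["scheme"] == "pbkdf2(md5)":
        record = new_record(password)  # drop the MD5 layer once the password is seen
    return ok, record
```

Wrapping only protects copies of the database taken after the migration; hashes already exposed in their MD5 form still require a password reset.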
This year has seen some major password breaches, the most infamous being that of Adobe, which affected between 38 and 150 million users. Facebook even moved to force some users to change their passwords, having checked where the same logins were used.