MacRumors fears user database was hacked

Subscribers to MacRumors user forums have been advised to change passwords because of a suspected data breach after site was hacked

Subscribers to MacRumors user forums have been advised to change their passwords because of a suspected data breach after the site was hacked.

Editorial director Arnold Kim said in a posting on the site that the attack was still under investigation, but it was best to assume that usernames, email addresses and hashed passwords had been accessed.

He said the site had been hacked in a similar manner to the Ubuntu forums in July, with the MacRumors intrusion involving a moderator account being logged into by the hacker.

The hacker is then believed to have been able to escalate the account privileges with the goal of stealing the login credentials of the site’s 860,000 users.

Like the Ubuntu forums, MacRumors used the MD5 algorithm and a cryptographic salt for each user to convert plain-text passwords into a one-way hash.

Read more about privileged accounts

Security industry experts have been warning for quite some while that privileged user accounts are a top target for hackers and this form of intrusion is becoming increasingly common in targeted attacks.

Other security experts have commented that third-party software typically increases the risk of cyber attack.

“When you use third party components you expose your network to the threats faced by all those applications, significantly increasing your attack surface,” said Amichai Shulman, chief technology officer of security firm Imperva.

“Sometimes you can successfully participate in the who-patches-first race for each and every third-party component you use; but usually you can't and you must rely on virtual patching through a technology like Web Application Firewall,” he said.

Shulman believes that deploying such technology is half the way to success. “The other half depends on how good your supplier is in automatically delivering timely virtual patches,” he said.

Many password experts also consider the MD5, with or without salt, to be an inadequate means of protecting stored passwords.

MacRumors is not yet sure how the original moderator's password was obtained, Kim told Ars Technica.

"We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it yet," he said.

According to Kim, log files examined so far indicate the intruder tried to access the password database, but there are no indications that the passwords are circulating online in any form.

Some MacRumors account holders have reported compromises affecting accounts they have on other sites, but a firm link to the MacRumors security breach has yet to be found.

Read more on Hackers and cybercrime prevention