More than 800,000 accounts compromised in MacRumors Forums breach

Share this article:

About 860,000 members who post on the forums of popular Apple website MacRumors are being asked to change their passwords after accounts were compromised in a hack.

How many victims? About 860,000.

What type of personal information? Usernames, email addresses and hashed passwords.  

What happened? An attacker hacked the forums and gained access to user credentials.

What was the response? An investigation is ongoing with a third party security researcher. A MacRumors administrator posted about the hack, alerting users of the incident and encouraging them to update their information. MacRumors is working to make the website more secure.

Details: A moderator account was logged into and used by the attacker to escalate privileges and steal user credentials. The hack was likened to the July breach of Ubuntu Forums, when an attacker compromised two million accounts after gaining access to a moderator account and taking advantage of vulnerabilities in vBulletin.

Quote: “We are still working to get the forums fully functional and more secure,” Arnold Kim, MacRumors editorital director, said in the notification. “Again, we are very sorry for the breach.”

Source: macrumors.com, “MacRumors Forums: Security Leak,” Nov. 12, 2013

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.