More than 800,000 accounts compromised in MacRumors Forums breach

Share this article:

About 860,000 members who post on the forums of popular Apple website MacRumors are being asked to change their passwords after accounts were compromised in a hack.

How many victims? About 860,000.

What type of personal information? Usernames, email addresses and hashed passwords.  

What happened? An attacker hacked the forums and gained access to user credentials.

What was the response? An investigation is ongoing with a third party security researcher. A MacRumors administrator posted about the hack, alerting users of the incident and encouraging them to update their information. MacRumors is working to make the website more secure.

Details: A moderator account was logged into and used by the attacker to escalate privileges and steal user credentials. The hack was likened to the July breach of Ubuntu Forums, when an attacker compromised two million accounts after gaining access to a moderator account and taking advantage of vulnerabilities in vBulletin.

Quote: “We are still working to get the forums fully functional and more secure,” Arnold Kim, MacRumors editorital director, said in the notification. “Again, we are very sorry for the breach.”

Source: macrumors.com, “MacRumors Forums: Security Leak,” Nov. 12, 2013

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Malware on Backcountry Gear website, payment cards compromised

Malware was installed on the Backcountry Gear website for roughly three months, during which payment cards may have been compromised.

Programming error results in CVS Caremark mailing blunder

About 350 CVS Caremark customers are being notified that a programming error resulted in mailers containing their personal information being sent to the wrong customers.

Seattle University donor checks possibly exposed due to settings error

Seattle University is notifying an undisclosed number of donors that anyone with a Seattle University computer account could have viewed scanned checks.