MacRumors Web Site Hacked, 860,000 User Accounts Compromised

One of the most popular web forum related to tech news, MacRumors, has apparently been hacked. The Web site has about 860,000 users who have been asked to change their password with an immediate effect as hackers could compromise one of the admin accounts for stealing personal as well as login data.

Arnold Kim, one of the admins of the Web site, posted a statement on MacRumors site on Nov 12, 2013 at 2:48 PST that the Web site forums were targeted as well as hacked in the same manner Ubuntu forums had been hacked in July 2013. MacRumors apologised to its users for the alleged intrusion. The statement claimed that the Web site was already in the process of investigating the attack.

It said that it was probing into the intrusion with the help of a third party security researcher. They believed that there were some user data which the hacker was able to obtain during the attack. The users were asked to assume that their email address, username and password for the forum were known to the hackers. The users of the MacRumors Forum were asked to do following things.

They were promptly asked to change the password for the forums. If they faced any problem in doing so, they were asked to contact the Web site. Then they were asked to change the password for other Web sites as well only if the same password was used by them in other Web sites. The users were asked to follow the standard procedure of choosing a 'good' password when they change it for a more secure service. MacRumors users were also asked to use a password manager like 1Password, iCloud or Lastpass for allotting individual password for each Web site they use.

The statement further informed that Canonical's post-mortem of the hacking of Ubuntu forums showed that similar methods were used in hacking the MacRumors Web site. The hacker logged in with a moderator account and then was able to take advantage of the privileges for stealing login credentials.