On 11 November, the popular Mac News and information site MacRumors user forums have been hacked by hackers, which exposed more than 1.82 million forum users' usernames and e-mail addresses and hashed passwords. In July Ubuntu forums are hacked like this.
MacRumors apologized to its users for the alleged intrusion. The statement claimed that the Web site was already in the process of investigating the attack.
MacRumors Editorial Director Arnold Kim told readers that the exposed passwords were salted and hashed, using vBulletin’s standard MD5 algorithm. Unfortunately, that’s probably an inadequate way to store passwords these days. The use of a different salt for each user can slow down mass-cracking of passwords, but does little to prevent specific users having their passwords determined.
MacRumors announced the security attack in a posting on its site.
They were promptly asked to change the password for the forums. If they faced any problem in doing so, they were asked to contact the Web site. Then they were asked to change the password for other Web sites as well only if the same password was used by them in other Web sites. The users were asked to follow the standard procedure of choosing a 'good' password when they change it for a more secure service. MacRumors users were also asked to use a password manager like 1Password, iCloud or Lastpass for allotting individual password for each Web site they use.
The hacker posted a statement on the MacRumors Forums claiming. You may check the below screenshot, "[W]e're not going to 'leak' anything. There's no reason for us to. There's no fun in that. Don't believe us if you don't want to, we honestly could not care less."
"Consider the 'malicious' attack friendly," the hacker added. "The situation could have been catastrophically worse if some fame-driven idiot was the culprit and the database were to be leaked to the public."
MacRumors apologized to its users for the alleged intrusion. The statement claimed that the Web site was already in the process of investigating the attack.MacRumors Editorial Director Arnold Kim told readers that the exposed passwords were salted and hashed, using vBulletin’s standard MD5 algorithm. Unfortunately, that’s probably an inadequate way to store passwords these days. The use of a different salt for each user can slow down mass-cracking of passwords, but does little to prevent specific users having their passwords determined.
MacRumors announced the security attack in a posting on its site.
They were promptly asked to change the password for the forums. If they faced any problem in doing so, they were asked to contact the Web site. Then they were asked to change the password for other Web sites as well only if the same password was used by them in other Web sites. The users were asked to follow the standard procedure of choosing a 'good' password when they change it for a more secure service. MacRumors users were also asked to use a password manager like 1Password, iCloud or Lastpass for allotting individual password for each Web site they use.
The hacker posted a statement on the MacRumors Forums claiming. You may check the below screenshot, "[W]e're not going to 'leak' anything. There's no reason for us to. There's no fun in that. Don't believe us if you don't want to, we honestly could not care less."
"Consider the 'malicious' attack friendly," the hacker added. "The situation could have been catastrophically worse if some fame-driven idiot was the culprit and the database were to be leaked to the public."
No comments:
Post a Comment