MacRumors Database Hacked and 860K Account Passwords Exposed
MacRumors is reporting that their forum database has been compromised, and although the passwords were hashed, they are admitting that the default vBulletin hashing mechanisms may not be adequate to protect the users’ passwords.
The site was compromised after someone was able to log into the system with a moderator account and then escalate privileges.
The straightforward approach that MacRumors has taken with regards to the breach is to be commended. Instead of attempting to cover up the breach, or make assumptions regarding the level of security the hashed passwords provided, they were quite up front with their community.
It is worth noting that bulletin boards in particular are a popular target for stealing credentials, as the level of security for these systems is much less than a bank, or commercial social media site for example.
However, if credentials are compromise from one of these systems, many people use the same password for their other accounts, which provides the attacker with a much easier route to compromising the more high value target.
It is important to use different passwords for different websites, utilizing password creation/management tools such as 1Password, KeePass and LastPass, which can help keep accounts secure, as well as making password management much easier to work with.