MacRumors is among some of the really popular Mac news sites which also has user forums for related discussions. This Monday, a group of hackers was able to breach the site’s security and gain access to the passwords of 860,000 forum accounts. Now, the hacker behind the attack has spoken up, assuring that he meant no harm.
During the attack, the usernames, emails and hashed passwords of nearly 860,000 forum users were hacked. Apparently, the hacker who pulled this off was able to do so after he gained access to the account of one of the forum moderators. He then enhanced the privileges of that account and gained access to confidential user credentials.
Interestingly, the hacker didn’t post these passwords to any online site or forum. Rather, he went on to pen down a post on MacRumors forums, citing that the hack was done simply to show that the security of the forums wasn’t good enough.
In his post, the hacker who goes by the nick of ‘Lol‘ cited the partial hash for the password of MacRumors Editorial Director Arnold Kim. The hash turned out to be accurate, which proved that the Lol guy is indeed behind the hack.
He also assured the MacRumors users that the group wasn’t going to leak any details and wrote, “We’re not going to “leak” anything. There’s no reason for us to. There’s no fun in that. Don’t believe us if you don’t want to, we honestly could not care less.”
While many security analysts claimed that the hack was successful because MacRumors used an outdated vBulletin version, Lol discounted this assertion, “Stop blaming this on the “outdated vBulletin software”. The fault lied within a single moderator. All of you kids that are saying upgrade from 3.x to 4.x or 5.x have no idea what you’re talking about. 3.x is far more secure than the latter. Just because it’s older, it doesn’t mean it’s any worse.”
In all, although it does seem that the group behind the hack was aiming merely to expose the flawed security of the forums, Lol went on to appreciate the efforts of Arnold Kim. Nonetheless, if you are a user at MacRumors forums, you ought to change your login credentials at the earliest.
Source: MacRumors Forums