Hey guys, "hacker" here. I'm going to disprove some of the comments you guys have been making.
I'll need to provide some sort of proof to prove it's me. Arn, the first 16 bits of your old password hash was cd89d763f091c664. Your salt is (or was?) #er<ib"E%R0sa%`8b%N3+!5<J&PqnT.
First of all, regarding the passwords. As far as I'm aware, the older versions of vbulletin and the current all share the same hashing algorithm. 860106 users were dumped. Out of those, 488429 of them still had a salt which had a length of 3 bits. Anyone that'd been active recently will have a longer salt, which will slow down the hash cracking by a fraction of the time it would have taken (duplicate salts = less work do do, it's like to have many with a 3 bit salt). We're not "mass cracking" the hashes. It doesn't take long whatsoever to run a hash through hashcat with a few dictionaries and salts, and get results. We're not logging in to your gmails, apple accounts, or even your yahoo accounts (unless we target you specifically for some unrelated reason). We're not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place.
Second of all, I personally think Arn done a great job disclosing the details of what had happened in the time that he took to do so. Many other huge companies and corporations, probably some that you're all registered to, have taken days, weeks, or even never, to report a compromise. You should be thankful.
Third, we're not going to "leak" anything. There's no reason for us to. There's no fun in that. Don't believe us if you don't want to, we honestly could not care less.
Foruth, stop balming this on the "outdated vBulletin software". The fault lied within a single moderator. All of you kids that are saying upgrade from 3.x to 4.x or 5.x have no idea what you're talking about. 3.x is far more secure than the latter. Just because it's older, it doesn't mean it's any worse.
That concludes it. Consider the "malicious" attack friendly. The situation could have been catastrophically worse if some fame-driven idiot was the culprit and the database were to be leaked to the public.