
MacRumors Forums: Security Leak

oliversl

macrumors 65816
Jun 29, 2007
1,483
366
At what time was the hack? I just received yesterday an email from Google saying someone accessed my gmail account from San Jose, CA, USA, with IP 173.245.67.55

Thanks
 

MacVidCards

Suspended
Nov 17, 2008
6,096
1,054
Hollywood, CA
Uh, gee MacRumors. If you were hacked, why not email your members to change their passwords, instead of posting it on your front page. Not everyone checks your site on a daily basis.

This.

I'll bet there are folks who only come here to ask questions when they can't load "Angry Birds 2" on their iPod.

And some of them might use same email and password on their bank/Paypal sites.

So if they don't happen to come by here, that gives the hackers a few weeks to empty their accounts out.

When other sites I belong to have been hacked they sent an immediate email with details and instructions to start changing passwords.

Seems like that should be standard protocol.
 

iSRS

macrumors 6502
Mar 2, 2010
433
194
Interesting. I use a Yahoo email for my profile on this site. I received a notification from Yahoo saying my account was locked due to suspicious activity. I was surprised, as I hadn't been doing anything with it in the last few days.

Wonder if they were trying to hack into my Yahoo account from data stolen here?

I use a different password for every site that I have an account, and several different user names across those various sites.

Ha, that's exactly the same thing that happened to me yesterday. So the hacker used our emails registered with MacRumors and tried to get to Yahoo email accounts, using the same passwords. I didn't use the same password, so I guess they failed. But they could get into someone else's account.

Did anyone else have the iMessage/FaceTime message or the Yahoo break-in attempt? I want to know if this was an active attack across accounts. Not good if you used the same password for everything before the attack.

I got the "need to change your Yahoo" email/notification this morning. I don't use Yahoo email for this site though. Not iMessage/FaceTime because that is another account altogether for me.

Same problem here, I cannot get MacRumors to work with iCloud Keychain.

1. Latest version of Mavericks on MacBook Air.
2. iCloud Keychain will offer to generate a password for me (and it autofills the fields when offered).
3. Try to login on MacRumors and it will never autofill the fields.
4. Using latest version of Safari, I have "AutoFill user names and passwords" and "Allow AutoFill even for websites that..." checked in the preferences.
5. Disabling popup blocking, disabling Safari Extensions, and restarting Safari and the Mac did not help.
6. MacRumors does not show up in the Passwords section of the Safari preferences, nor in the Keychain Access app. In other words, it offered to save the password for me, generated a password for me, and filled it, but seems like it never saved it.
7. Also tried it on the iPad running iOS 7.0.3, same deal there.
8. I have other sites that are working with iCloud Keychain (and are visible in the preferences and in Keychain Access), so I know it's not that the whole thing is not working.

Any ideas what I'm doing wrong?

It worked on my iPad. It didn't at first, but I hadn't enabled it on my iPad, which I thought I did. Once I did, worked like a charm.

Same here :)

I mean, will not be losing any sleep over this. Changed my pass. Thanks MacRumors for being open and honest.

Yeah, agreed. I live in a state (won't say here, dislike the place) that the DOR was hacked last year. SSN, financial info, DOB, etc. all hacked. Took over a month for them to make it known.
 

charlieroberts

macrumors 6502a
Feb 5, 2007
594
111
Just changed my password using the Safari suggested password, and have done this for all my accounts recently. Really useful tool.

I tried doing this but then Safari would not autofill the password, and I can't find it anywhere. Had to change it again via recovery.

Did it just work for you?
 

yg17

macrumors G5
Aug 1, 2004
14,989
2,758
St. Louis, MO
Not MacRumors' fault. People need to take ownership of their own lack of security practice.


I use the same password for some online banking accounts, what's someone gonna do with it? See that I ate at Panda Express for dinner and pay my credit card bill? :rolleyes:
 

AppleScruff1

macrumors G4
Feb 10, 2011
10,026
2,948
For the record, all the warnings and timeouts I received in the past were when someone hacked my account. :D
 

caesarp

macrumors 6502a
Sep 30, 2012
967
388
Someone explain to me why this is a big deal? In other words, so what if someone has my username and password here. So they can post as me and make snarky remarks about Apple products?

It's not like my credit card info or SSNs are stored here. So what is the concern? Please explain.

----------

How ironic, we just talked about this in ECommerce class today.

"Should a company announce a security leak right away before the media gets wind of it or wait until they know what happened exactly and how to fix it?"
If you don't know what happened there is nothing to announce. Maybe no personal info was accessed. If so, not a breach under most state laws.
 

OSMac

macrumors 65816
Jun 14, 2010
1,451
6
Someone explain to me why this is a big deal? In other words, so what if someone has my username and password here. So they can post as me and make snarky remarks about Apple products?

It's not like my credit card info or SSNs are stored here. So what is the concern? Please explain.

Think it's a concern that they have your email too.

Some people may use the same password here and for other services that can be accessed with an email address: PayPal, Google, Apple App Store, etc.
 

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
I changed my passcode for this and other sites. I am now using iCloud keychain and letting it make my pass codes. I also changed PayPal, eBay, and others. So they all have a different pass code. They also had different pass codes, but I would change 1-2 letters.

I just wish iCloud had an export option or something.
 

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
Someone explain to me why this is a big deal? In other words, so what if someone has my username and password here. So they can post as me and make snarky remarks about Apple products?

It's not like my credit card info or SSNs are stored here.

A lot of people will use the same email and pass code for other things. Many, many years ago I did the same for my email account and eBay. I learned the hard way and thankfully it wasn't bad.
 

dolphin842

macrumors 65816
Jul 14, 2004
1,168
28
Any chance the forums will get SSL/TLS support? How are passwords sent currently when logging in?
 

caesarp

macrumors 6502a
Sep 30, 2012
967
388
Think it's a concern that they have your email too.

Some people may use the same password here and for other services that can be accessed with an email address: PayPal, Google, Apple App Store, etc.

Yeah but they would have to use the same username also and the bad guys would have to randomly try different sites. Not likely. I think the concerns are way overblown and exaggerated.

Unless an individual is specifically targeted for time-consuming efforts by the bad guys I don't see the real danger from a forum password. Maybe spam. That's it via the email address. Easily handled via filters.

----------

A lot of people will use the same email and pass code for other things. Many, many years ago I did the same for my email account and eBay. I learned the hard way and thankfully it wasn't bad.

So the bad guys will take thousands of emails and manually try various sites?
 

Ledgem

macrumors 68000
Jan 18, 2008
1,905
734
Hawaii, USA
Someone explain to me why this is a big deal? In other words, so what if someone has my username and password here. So they can post as me and make snarky remarks about Apple products?

It's not like my credit card info or SSNs are stored here. So what is the concern? Please explain.
The worst they can do? Learn your email address, your user name, and your password. If your password wasn't created with a random generator, then they'd have an idea of how you choose your passwords. If you use the same username on any other sites, they'd likely be able to gain access to them. If any of those sites have security questions, they might be able to gain access to your answers. All of this information can be compiled and then used against juicier targets than web forums, where they can gain even more details about you. At absolute worst, this could lead to identity theft, leaving you to clean up a credit mess after a criminal went on a spending or activity spree, posing as you.

Is it likely that this would actually happen? It doesn't seem like it, but these types of things are unfortunately very common and their incidence only seems to be increasing. As the saying goes, "it isn't paranoia if they really are out to get you." Your information and identity have monetary value to a lot of people, so consider that they are indeed out to get you, and operate accordingly.
 

caesarp

macrumors 6502a
Sep 30, 2012
967
388
They will have automated methods to test matching credentials against target websites.

Well my email here and password do not match anything dealing with money or personal info on another site. And not because I'm careful. It's because the requirements to login are so different everywhere. I'm not worried.
 