Just curious.... what is the best way for websites to store and protect this sort of data?
And why isn't every website doing that RIGHT NOW?
I often wonder this... after reading about the countless attacks like these over the years.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MacRumors Forums: Security Leak
- Thread starter MacRumors
- Start date
- Sort by reaction score
Just curious.... what is the best way for websites to store and protect this sort of data?
And why isn't every website doing that RIGHT NOW?
I often wonder this... after reading about the countless attacks like these over the years.
salt and pepper encryption system , which few use.
most just salt them and store in DB
designed a few myself.....there unstoppable.
The hackers harvest as much as they can - email, account logins, password if they can. They have automated tools that will then go through and try to get into other sites/email using that info.
Since many people will use the same details, if they even manage to get into a few peoples actual details, thats worth it. From then on its your bank, credit card etc they can target.
If all else fails, they still sell the stolen data to a bunch of data miners for marketing purposes. e.g. things like average age of poster, where they live, name etc etc.
Its all very scary and very real
Since many people will use the same details, if they even manage to get into a few peoples actual details, thats worth it. From then on its your bank, credit card etc they can target.
If all else fails, they still sell the stolen data to a bunch of data miners for marketing purposes. e.g. things like average age of poster, where they live, name etc etc.
Its all very scary and very real
Wait wait... This only affects users logged at the time of the attack?
Because I didn't logged in since september, so... does that mean my email-pass is safe?
I'm worried...
I'm changing other sites' passwords in other Safari's tabs, while MacRumors is oppened in this Safari tab. Is this safe? Or may be any security issue entering MacRumors? Thanks.
That would be awesome, yes.
Well this is annoying - iCloud Keychain doesn't even work for this site (it doesn't remember the password when I log in on my iPad/iPhone).
To see the complex password stored by safari on your iOS device, simply go to Settings>Safari>Passwords & AutoFill>Saved Passwords and select the site you need the saved password for, enter your device passcode and copy the password from there using the normal iOS copy and paste routine.
1. Enter User Name and Password in Macrumors Forum Login
2. Do Not Hit Log In
3. Instead Refresh Page in Safari
4. Dialog Box asks if you want to reload page, click Reload
5. Keychain dialog box should now come up
Source: https://forums.macrumors.com/threads/1661881/
Edit: Why doesn't it work for Bank of America and other sites similar to this? Will we see updates on Keychain's side of the website to get functionality up to par?
Last edited:
Reset Passwords For All Users?
Why don't you guys reset the passwords for all users? Tons of people aren't going to reset them because they'll never hear the news.
Why don't you guys reset the passwords for all users? Tons of people aren't going to reset them because they'll never hear the news.
You've been asking this question for a few hours now. Have you gone to apple and reset your password ?
Hopefully you have.
If this happened to the Ubuntu forums a few months back, why didn't you idiots do something about it before it happened to you?
You should all be fired.
It's possible...very possible. I would advise you to change all of your passwords that are the same and then I will tell you to be smarter with your accounts next time. Your iCloud password is sacred. No other password should be the same. Just like your bank account.
Yes, I have. I'm just worried about other accounts as well. Are iCloud generated passwords secure enough? The password I was using before seems a lot more complex to me (more special characters, not just hyphens)
If MacRumors was really taking this as seriously as they portray to be then the article on the front page would stay at the top of the page for an extended period of time. Instead the article has already been pushed down by two other articles and tomorrow it probably won't even be on the front page anymore. Almost seems intentional to try and get it off of the front page as soon as possible. Not surprised that it wasn't a second page story.
This is a good textbook case of how not to handle security and and how not to react to being hacked.
This is a good textbook case of how not to handle security and and how not to react to being hacked.
thank you!!!
Of course! Be sure to thank the genius who discovered it, not the reposter lol.
That's like saying some people in China got the Bird Flu and you heard about it but didn't get the bird flu vaccine because you were a continent away and then a few months later you contracted the bird flu. The are plenty of forums using vbulletin, the odds were in their favor.
So disrespectful. And you should stop coming here if you really feel that way. They didn't ask you to come here, you came on your own.