My password is 14 characters long...mixed with letters, numbers randomly.

So with this security leak/breach....all they got was an ENCRYPTED password file and they would need to use brute force on the password file?

Or the hackers got an UNENCRYPTED password file and know everyone's passwords now?
 
Hopefully this will clear some things up. There is only one "hacker." His username that he uses on other websites is clockwize0. He simply logged into one of the moderator's accounts, got the encrypted passwords, and paid off somebody to crack arn's password for him (he didn't even do it himself). I have a feeling that he might have targeted some accounts, posted them on the password cracking forum to pay somebody to crack them for him, and used the passwords on a bunch of websites to try to access accounts that use the same password. By the way, anything he says is BS. He can't be trusted. He has accounts on several blackhat websites. He probably didn't even make the "lol" account. Probably just used one of the cracked hashes to take over an account that existed.


Here's the proof:
I'm pretty sure this is the "hacker."

http://webcache.googleusercontent.c...377f1b3f7bc1ded4979+&cd=1&hl=en&ct=clnk&gl=us

He edited his post probably before he admitted to it yesterday.

Here's another post from him:
http://forum.insidepro.com/viewtopic.php?p=152944&#152944

Subforum is "Forum Hashes"

He was probably trying to figure out the MacRumors VB3 salt algorithm here: http://forum.insidepro.com/viewtopic.php?p=152431&#152431

Here's a google search exposing all his accounts on blackhat websites:
https://www.google.com/search?clien...e=UTF-8&oe=UTF-8#q=clockwize0&rls=en&start=10

---------------------------------------------------------------

Did anyone else have their email spammed 200+ times? I also found out my PayPal account had sent $160 to some guy I've never done business with. Currently talking with PayPal at the moment and was wondering if anyone else had this happen?

I've already begun changing emails and passwords, didn't really think it could happen to me but hey it did.

----------



I already made a post above, but the guy logged into my PayPal and bought $160 worth of bitcoins. I have his full name, seller ID, and email. Not sure what else to do, but I've already contacted PayPal.

Make sure to report his full name and email to arn in a private message, just in case it is him.
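
An added example (not part of any post in this thread) for the opening question about the "encrypted" password file: the leak held salted hashes, so each password still has to be guessed offline, and how long that takes depends on the password. The scheme md5(md5(password) + salt) is an assumption here for vBulletin 3; the accounts, salts, wordlist and guess rate are all constructed.

```python
import hashlib
import math

def vb3_hash(password: str, salt: str) -> str:
    """md5(md5(password) + salt): the scheme assumed here for vBulletin 3."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

# Constructed leak rows: (username, salt, hash). The salt sits next to the hash.
LEAKED = [
    ("alice", "a1!", vb3_hash("password1", "a1!")),
    ("bob", "Zq9", vb3_hash("password1", "Zq9")),
    ("carol", "x7#", vb3_hash("q7Rk2mZx9Lp4Tv", "x7#")),  # 14 random chars
]
COMMON = ["123456", "password1", "letmein", "macrumors"]  # constructed wordlist

def weak_accounts(rows, wordlist):
    """Usernames whose hash matches a wordlist entry: the accounts that
    fall first after a leak and most need a forced reset."""
    return [user for user, salt, stored in rows
            if any(vb3_hash(guess, salt) == stored for guess in wordlist)]

def search_space_bits(length: int, alphabet_size: int) -> float:
    """Size of the search space for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    print(weak_accounts(LEAKED, COMMON))
    bits = search_space_bits(14, 62)
    print(round(bits, 1), years_to_exhaust(bits, 1e10))
```

The two accounts sharing "password1" get different hashes because of the salt, yet both match the wordlist at once; the salt stops precomputed tables, not guessing.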
 
Whew.... got my advance warning before my identity was stolen

---------- Forwarded message ----------
From: MacRumors Forums <forums@macrumors.com>
Date: Thu, Nov 14, 2013 at 3:26 PM
Subject: MacRumors Forums: Important Security Notice

Hello bawbac,

We are emailing you because you are a registered user of MacRumors.com Forums. We recently had a security leak in our forums. More details can be found in this blog post:
https://www.macrumors.com/2013/11/12/macrumors-forums-security-leak/

There is a chance that your user data (email address, username, hashed password) may have been leaked from the site.
We recommend you take the following steps:

1. Change your password on MacRumors
2. If you used the same password on other sites, please change those as well.

Visit MacRumors.com, click on the Forums tab, and there is a notice at the top of the screen that will tell you how to change your password or contact us if problems.

Why didn't you get this email sooner? See the blog post above.

This is a one time email.

We sincerely apologize for the intrusion,
MacRumors.com
 
Holy cow !! MR forums were offline for a few minutes..

Call me security aware.... but a site can go down anytime, it always makes me suspicious AFTER a hack has been done....

Apple was the same, but look what happened to them, it was down for 8 days...

I'm glad MR is back, but rather than say "ok, all is well" like most people would, I always question the "what if" type, which can be true....

We'll just wait and see, but i don't think this is the last of it.
 
They said they were moving a couple of files around. I was worried at first, but I don't think it is anything. I was hoping that they were restoring the search function.
 
I already made a post above, but the guy logged into my PayPal and bought $160 worth of bitcoins. I have his full name, seller ID, and email. Not sure what else to do, but I've already contacted PayPal.

If they logged in then you didn't have a strong password, and/or Paypal security key/credit-card FOB would have helped here too.

That's the other step I'd do.

I would never use a PayPal account without a strong password and extra security such as mobile phone, second factor, same with Gmail... Those that offer it that is. To me, it's unthinkable.
 
I'm not the poster of that message... I was quoting somebody else

In other news, the hacker is getting somebody to crack yet again another VBulletin member's password. Not sure if it is MacRumors, but here's the post: http://forum.insidepro.com/viewtopic.php?t=25692

He is clearly breaking rule one of the forums he has been utilizing: 1.Posting stolen hashes. You're not allowed to post them, only hashes which belong to you.

Here is an instance where he asked over 21,000 VBulletin passwords to be cracked: http://forum.insidepro.com/viewtopic.php?t=20870&postdays=0&postorder=asc&start=15
 
Has anybody read the Ars article about this hacker? He's bragging about his work, but then tells people "it's not like I'm bragging about it" followed by "lol promised not to leak or even crack the passwords, or use the information to hack into people's Gmail, Apple, Yahoo or other accounts, "unless we target you specifically for some unrelated reason."

What a dick!
 
How do I unsubscribe? Why do you not include an unsubscribe link on your emails and easy access location on the forum. Security these days is key and if you can't respect that then you don't deserve my following.
 
Has anybody read the Ars article about this hacker? He's bragging about his work, but then tells people "it's not like I'm bragging about it" followed by "lol promised not to leak or even crack the passwords, or use the information to hack into people's Gmail, Apple, Yahoo or other accounts, "unless we target you specifically for some unrelated reason."

What a dick!

lol.. unrelated ?? That's not very smart right there..
 
How do I unsubscribe? Why do you not include an unsubscribe link on your emails and easy access location on the forum. Security these days is key and if you can't respect that then you don't deserve my following.

Sergie, if this was negligence on MacRumors' part, you could be right to leave. However, that is not the case. They do care about security, a lot, but that doesn't mean nothing bad will ever happen. Perhaps you should look at the reputation of this site.
 
Has anybody read the Ars article about this hacker? He's bragging about his work, but then tells people "it's not like I'm bragging about it" followed by "lol promised not to leak or even crack the passwords, or use the information to hack into people's Gmail, Apple, Yahoo or other accounts, "unless we target you specifically for some unrelated reason."

What a dick!

The guy is full of it
 
How do I unsubscribe? Why do you not include an unsubscribe link on your emails and easy access location on the forum. Security these days is key and if you can't respect that then you don't deserve my following.

Sometimes bad things happen to good people - if you want to unsubscribe so be it - but MacRumors is a good site....
 
Ugh. Not knowing what my password IS for this site (I've simply kept myself logged in for YEARS), I don't know what passwords I need to reset... o_O
 
If you're using a Mac, there's tons of threads showing users how to look for stored passwords. If it's not stored and you know the email address you used when you signed up, you could simply use the password reset tool on MR.
 
Way to go, ADOBE... I mean MACRUMORS...

why does everyone suck so bad these days... ???
 
Suck? MR did a good job IMHO informing their users as soon as they were made aware of the problem in a timely manner. It's easy for someone to sit there and criticize the actual workers behind the forums with "you should've done this and that", etc. without actually understanding what really happens behind the scenes.

You as a user have a responsibility to maintain security measures within your control. If you did everything right, the recent hack should've made you think "MR was hacked, no biggie, nothing else I log into uses my username and password anyhow", but in reality the emotional responses I see in this thread would indicate otherwise.

If I were to take a guess, I'm certain a good portion of the membership here does use the email address you registered for this site with, using the same password used for that email account in other locations, leading to, for example, email accounts being hijacked.

Bottom line is learn to protect yourself better, get into good secure habits when online, and minimize your risks if/when such compromises occur.
 
Way to go, ADOBE... I mean MACRUMORS...

why does everyone suck so bad these days... ???

Security hacking occurs; all we can do, both from a user perspective and from a site perspective, is set up good policies to mitigate any possible intrusion.

The hacker gained access through an account that had a weak password. From what I've read here, too many people use the same password here at MR as elsewhere, which is a definite no-no.

I can't speak for arn on any upcoming security changes to the site (as a moderator I'm not involved, only admins and the site owner), but I'm sure arn is taking measures to avoid a repeat.
 
Sometimes bad things happen to good people - if you want to unsubscribe so be it - but MacRumors is a good site....

+1. Yes it is.

Did it do all what you might expect in these circumstances? eg send out an email to everyone immediately?

No, perhaps it didn't.

Did all this make you reconsider your password/security strategy?

Yes, for me, and I've had a few chats with my luddite single-password-for-all-things friends.

That's a good thing IMO.

Does all that mean I'll not come here anymore?

No, this is a good and valuable site to me as someone with many Apple products.

IMO, if you leave here because of this you are, as an Aussie would say, a soft ****.
 
Marketplace

The biggest problem with this security breach is the Marketplace forum. How are we supposed to know whether the person selling or buying is not a hacker with that person's stolen information? This information could easily be used by a hacker to impersonate MR members to defraud other members.

Perhaps the best way to handle the Marketplace is to require a password reset for all members before they are allowed to use the Marketplace. I do not know what else can be done to verify the member's authenticity, but I would appreciate any insight from MR mods / admins.

Already reset my PW and changed my e-mail to a more recent account.
 
TBH, I just use an easy password and user name for forums, they can maybe get my e-mail address and read my PMs and that's about it. Any of my sensitive information I have is well encrypted. Not sure if it is even worth bothering changing my password. I'm sure someone will be along shortly and explain if I am wrong/naive.
 