Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors Security Leak

C

citizenzen

macrumors 68000
Original poster
Mar 22, 2010
1,543
11,788
I'm just curious what others are doing about it.

I use 1Password—which I love—and I spent a few minutes updating two email accounts that used the same password as my MacRumors account.

(Lazy. I know.)

Any other thoughts on what to do, best practices, or good software solutions when something like this comes up?
 
I'm confident my 23 digits password, hashed and salted, will never get found by anyone.
Also, I use it only on here.
 
LostSoul80 said:
I'm confident my 23 digits password, hashed and salted, will never get found by anyone.
Also, I use it only on here.
Click to expand...

Certainly helps that you only use it here.

Do you keep 23 digits in the old memory bank?

I'm afraid I couldn't manage that.

1Password to the rescue.
 
1Password to the rescue. MacRumors came up momentarily this afternoon before it came back as fully as it could. I just happened to get my password changed at that time.

I never use same password for any 2 sites. I have several email addresses, but they are duplicated on a couple of sites. Don't think I am as concerned with that as much as passwords.
 
Best policy is to ensure that you have not used that password for sensitive areas of the web like banking...

( I had ) U/N was irrelevant, but I'm jumping through hoops to get things changed elsewhere.
 
Like many others have already said, 1password to the rescue!! I used the same password from macrumors on another forum and a email address that i only have through my cable company. With that said after MacRumors told us about the hack, it took about 3 minutes to generate new passwords and get them saved.

I'm still new to 1password but I LOVE it
 
Can someone explain to me why there's no reason to think 1password can get hacked? :confused:
 
AlabamaSlammer said:
I'm still new to 1password but I LOVE it
Click to expand...

There is one feature in 1Password that I still don't use trust completely.

The Password Generator can automatically fill password fields when creating/changing passwords. But I prefer to copy the generated password and then paste them into a TextEdit document just to have them somewhere until I can confirm the change has taken place and is working. Once I've tested the log in a time or two then I delete the text document.

----------
twietee said:
Can someone explain to me why there's no reason to think 1password can get hacked? :confused:
Click to expand...

I imagine anything can get hacked.

What is your solution?
 
citizenzen said:
I imagine anything can get hacked.

What is your solution?
Click to expand...

No idea, really. My question wasn't meant to be rhetorical. I'm very oldschool in these things and have to admit that I did use my MR passwort for other non-critical purposes as well (fixed now) but one app containing all of my passwords?..doesn't sound that convincing.
 
I think its quite telling that whoever did this attack chose the MacRumors site.

My suspicion is that the choice wasn't purely random. That the intruder believed that a relatively large number of MR forum members would be active elsewhere in the Mac/iOS hardware and software industries, and that by tracking back from some of the e-mail accounts they'd be able to identify high-value targets. From there it literally would only take two or three users who were sloppy about their passwords for the intruder to get access to all sorts of goodies.

Whats most frustrating is that we have absolutely no idea who, or what, is behind the attack. It literally could be anyone: The Red Army, the NSA, the Russian Mafia, or the Iranian Revolutionary Guard. Or just a couple of bored teenagers in Tel Aviv or Dusseldorf.
 
Just changed my MRs password. I have a backed up file that includes individual passwords for most sites I frequent. I don't like having them in my keychain, but I do allow Firefox to remember them. Infrequently I will use a password more than once but it is on low priority sites.

I realize that MacRumors staff probably don't want to talk about it, but I'm curious what are the symptoms when a forum is hacked? Does something stop working or is there software that puts out an alarm? And is there an established protocol to verify you've been hacked or is it something more vague such as aspects of the site stops working or access is blocked?
 
The password I use here, I only use at one other website - MobileRead.com. I will be changing both of them today.
 
I use one name a password combo for things that matter like banking, and another for forums> like here.
While someone could post as me, they can't use any combo of name and password for me at macrumors and do anything else meaningful.
As others have said, be very careful with your passwords. Come up with a plan and work and use your plan.
 
I use a unique password on every forum and this is the only remaining forum where I am "macquariumguy" so I changed my password here and called it good.
 
stubeeef said:
I use one name a password combo for things that matter like banking, and another for forums> like here.
While someone could post as me, they can't use any combo of name and password for me at macrumors and do anything else meaningful.
As others have said, be very careful with your passwords. Come up with a plan and work and use your plan.
Click to expand...

Have you ever been told your avatar is highly disturbing? :p
 
I've changed my password here so it doesn't matter that somebody might find my password and attempt to log on here with it.

Also, the password I use here isn't used anywhere else, so it doesn't matter that somebody might find it and associate it with my email address.
 
I'm assuming most bank accounts will be safe as they use 2 or 3 stage security usually. I guess they can't get that info too can they?! (Paranoia kicks in :))
 
Huntn said:
Just changed my MRs password. I have a backed up file that includes individual passwords for most sites I frequent. I don't like having them in my keychain, but I do allow Firefox to remember them. Infrequently I will use a password more than once but it is on low priority sites.

I realize that MacRumors staff probably don't want to talk about it, but I'm curious what are the symptoms when a forum is hacked? Does something stop working or is there software that puts out an alarm? And is there an established protocol to verify you've been hacked or is it something more vague such as aspects of the site stops working or access is blocked?
Click to expand...

I first suspected the forums had been hacked a few hours before they went offline because each time I clicked on a thread a pop-up box appeared saying I needed to input my user name and password to continue and it would be sent unsecured.

Needless to say I didn't fill it in.

Incidentally this is the third forum associated with apple or iOS to have been hacked in a month. Luckily I had different logins for all of them.
 
vrDrew said:
Whats most frustrating is that we have absolutely no idea who, or what, is behind the attack. It literally could be anyone: The Red Army, the NSA, the Russian Mafia, or the Iranian Revolutionary Guard. Or just a couple of bored teenagers in Tel Aviv or Dusseldorf.
Click to expand...

One of the attackers is a macrumors user named "lol"
 
Limey77 said:
I first suspected the forums had been hacked a few hours before they went offline because each time I clicked on a thread a pop-up box appeared saying I needed to input my user name and password to continue and it would be sent unsecured.

Needless to say I didn't fill it in.

Incidentally this is the third forum associated with apple or iOS to have been hacked in a month. Luckily I had different logins for all of them.
Click to expand...

Interesting, was this a re-direct I wonder or just trolling for personal info? I have several Firefox addons that are supposed to alert for redirects to fake sites, but I noticed nothing yesterday.
 
citizenzen said:
There is one feature in 1Password that I still don't use trust completely.

The Password Generator can automatically fill password fields when creating/changing passwords. But I prefer to copy the generated password and then paste them into a TextEdit document just to have them somewhere until I can confirm the change has taken place and is working. Once I've tested the log in a time or two then I delete the text document.

----------



I imagine anything can get hacked.

What is your solution?
Click to expand...
I wouldn't paste passwords into an unencrypted document, even temporarily. Have you moved to 1Password 4 yet? It saves generated passwords by site, so it's easy to search them if you need to.

Personally, I log out and back into any site I create a password for just to make sure 1Password nailed it. Their forms often need cleaning up as you go, but well worth it.

As for 1Password being hacked, that all depends on the strength of your pass phrase.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back