MacRumors Security Leak

Discussion in 'Community Discussion' started by citizenzen, Nov 12, 2013.

  1. citizenzen macrumors 65816

    Joined:
    Mar 22, 2010
    #1
    I'm just curious what others are doing about it.

    I use 1Password—which I love—and I spent a few minutes updating two email accounts that used the same password as my MacRumors account.

    (Lazy. I know.)

    Any other thoughts on what to do, best practices, or good software solutions when something like this comes up?
     
  2. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
  3. LostSoul80 macrumors 68020

    LostSoul80

    Joined:
    Jan 25, 2009
    #3
    I'm confident my 23-digit password, hashed and salted, will never get found by anyone.
    Also, I use it only on here.
     
  4. citizenzen thread starter macrumors 65816

    Joined:
    Mar 22, 2010
    #4
    Certainly helps that you only use it here.

    Do you keep 23 digits in the old memory bank?

    I'm afraid I couldn't manage that.

    1Password to the rescue.
     
  5. firedept macrumors 603

    firedept

    Joined:
    Jul 8, 2011
    Location:
    Somewhere!
    #5
    1Password to the rescue. MacRumors came up momentarily this afternoon before it came back as fully as it could. I just happened to get my password changed at that time.

    I never use the same password for any 2 sites. I have several email addresses, but they are duplicated on a couple of sites. Don't think I am as concerned with that as much as passwords.
     
  6. Macman45 macrumors demi-god

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #6
    Best policy is to ensure that you have not used that password for sensitive areas of the web like banking...

    ( I had ) U/N was irrelevant, but I'm jumping through hoops to get things changed elsewhere.
     
  7. AlabamaSlammer macrumors 6502

    AlabamaSlammer

    Joined:
    Feb 8, 2012
    Location:
    Alabama
    #7
    Like many others have already said, 1Password to the rescue!! I used the same password from MacRumors on another forum and an email address that I only have through my cable company. With that said, after MacRumors told us about the hack, it took about 3 minutes to generate new passwords and get them saved.

    I'm still new to 1Password but I LOVE it.
     
  8. twietee macrumors 603

    twietee

    Joined:
    Jan 24, 2012
    #8
    Can someone explain to me why there's no reason to think 1password can get hacked? :confused:
     
  9. LostSoul80 macrumors 68020

    LostSoul80

    Joined:
    Jan 25, 2009
    #9
    That's the one bank I can trust.:)
     
  10. citizenzen thread starter macrumors 65816

    Joined:
    Mar 22, 2010
    #10
    There is one feature in 1Password that I still don't trust completely.

    The Password Generator can automatically fill password fields when creating/changing passwords. But I prefer to copy the generated passwords and then paste them into a TextEdit document just to have them somewhere until I can confirm the change has taken place and is working. Once I've tested the log in a time or two then I delete the text document.

    ----------

    I imagine anything can get hacked.

    What is your solution?
     
  11. twietee macrumors 603

    twietee

    Joined:
    Jan 24, 2012
    #11
    No idea, really. My question wasn't meant to be rhetorical. I'm very old-school in these things and have to admit that I did use my MR password for other non-critical purposes as well (fixed now) but one app containing all of my passwords?..doesn't sound that convincing.
     
  12. vrDrew macrumors 65816

    Joined:
    Jan 31, 2010
    Location:
    Midlife, Midwest
    #12
    I think it's quite telling that whoever did this attack chose the MacRumors site.

    My suspicion is that the choice wasn't purely random. That the intruder believed that a relatively large number of MR forum members would be active elsewhere in the Mac/iOS hardware and software industries, and that by tracking back from some of the e-mail accounts they'd be able to identify high-value targets. From there it literally would only take two or three users who were sloppy about their passwords for the intruder to get access to all sorts of goodies.

    What's most frustrating is that we have absolutely no idea who, or what, is behind the attack. It literally could be anyone: The Red Army, the NSA, the Russian Mafia, or the Iranian Revolutionary Guard. Or just a couple of bored teenagers in Tel Aviv or Dusseldorf.
     
  13. Huntn macrumors G5

    Huntn

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #13
    Just changed my MRs password. I have a backed up file that includes individual passwords for most sites I frequent. I don't like having them in my keychain, but I do allow Firefox to remember them. Infrequently I will use a password more than once but it is on low priority sites.

    I realize that MacRumors staff probably don't want to talk about it, but I'm curious what are the symptoms when a forum is hacked? Does something stop working or is there software that puts out an alarm? And is there an established protocol to verify you've been hacked or is it something more vague such as aspects of the site stop working or access is blocked?
     
  14. ucfgrad93 macrumors P6

    ucfgrad93

    Joined:
    Aug 17, 2007
    Location:
    Colorado
    #14
    The password I use here, I only use at one other website - MobileRead.com. I will be changing both of them today.
     
  15. stubeeef macrumors 68030

    stubeeef

    Joined:
    Aug 10, 2004
    #15
    I use one name and password combo for things that matter like banking, and another for forums like here.
    While someone could post as me, they can't use any combo of name and password for me at macrumors and do anything else meaningful.
    As others have said, be very careful with your passwords. Come up with a plan and work and use your plan.
     
  16. macquariumguy macrumors 6502a

    Joined:
    Jan 7, 2002
    Location:
    Sarasota FL
    #16
    I use a unique password on every forum and this is the only remaining forum where I am "macquariumguy" so I changed my password here and called it good.
     
  17. Huntn macrumors G5

    Huntn

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #17
    Have you ever been told your avatar is highly disturbing? :p
     
  18. elistan macrumors 6502a

    Joined:
    Jun 30, 2007
    Location:
    Denver/Boulder, CO
    #18
    I've changed my password here so it doesn't matter that somebody might find my password and attempt to log on here with it.

    Also, the password I use here isn't used anywhere else, so it doesn't matter that somebody might find it and associate it with my email address.
     
  19. DMoggo macrumors regular

    Joined:
    Sep 27, 2013
    Location:
    UK
    #19
    I'm assuming most bank accounts will be safe as they use 2 or 3 stage security usually. I guess they can't get that info too can they?! (Paranoia kicks in :))
     
  20. Limey77 macrumors regular

    Joined:
    Apr 22, 2010
    #20
    I first suspected the forums had been hacked a few hours before they went offline because each time I clicked on a thread a pop-up box appeared saying I needed to input my user name and password to continue and it would be sent unsecured.

    Needless to say I didn't fill it in.

    Incidentally this is the third forum associated with Apple or iOS to have been hacked in a month. Luckily I had different logins for all of them.
     
  21. wrkactjob macrumors 65816

    wrkactjob

    Joined:
    Feb 29, 2008
    Location:
    London
  22. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #22
    One of the attackers is a MacRumors user named "lol"
     
  23. Huntn macrumors G5

    Huntn

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #23
    Interesting, was this a re-direct I wonder or just trolling for personal info? I have several Firefox addons that are supposed to alert for redirects to fake sites, but I noticed nothing yesterday.
     
  24. mactastic macrumors 68040

    mactastic

    Joined:
    Apr 24, 2003
    Location:
    Colly-fornia
    #24
    I wouldn't paste passwords into an unencrypted document, even temporarily. Have you moved to 1Password 4 yet? It saves generated passwords by site, so it's easy to search them if you need to.

    Personally, I log out and back into any site I create a password for just to make sure 1Password nailed it. Their forms often need cleaning up as you go, but well worth it.

    As for 1Password being hacked, that all depends on the strength of your pass phrase.
     
  25. StephenCampbell macrumors 65816

    Joined:
    Sep 21, 2009
    #25
    I have an email address that I use for this site only. Does that make me safe?
     
