• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

 | 

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

 | 

Experts uncover critical flaws in Kigen eSIM technology affecting billions

 | 

Spain awarded €12.3 million in contracts to Huawei

 | 

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Digital ID
  • Hacking
  • MacRumors forum hacked more than one million of users at risks

MacRumors forum hacked more than one million of users at risks

Pierluigi Paganini November 13, 2013

MacRumors, the Mac news and information website and user forums, was hacked, more than 860,000 accounts were potentially compromised.

MacRumors, the popular Mac news and information website and user forums have been hacked this week, according the first news circulating on the internet more than 860,000 accounts were potentially compromised on the total of 1.8 million registered members the site claimed to have today.

The owner of the MacRumors website, Arnold Kim, confirmed the hack and apologized for the incident, he also revealed that a hacker compromised a moderator account to penetrate the platform, once inside he has escalated its own privileges to steal user credentials.

“We are looking into it further to see if there was another exploit, but there hasn’t been any evidence of it yet.“

The hacker accessed to the usernames, emails and hashed passwords of the MacRumors website accounts, the users have been informed of the necessity  to change their passwords on the forums to avoid consequences. It’s known that the MD5 hashing method is not considered safe to use on commercial websites, hackers in fact could easily go back to the original passwords.

As usual more exposed are those users that share the same credentials between different web services.

macrumors breach 640x384
Arnold Kim sustains that MacRumors had been hacked in a similar manner to the Ubuntu forums , he also promised to improve the security of the platform to avoid future problems.

“We are still working to get the forums fully functional and more secure,”

In a first time Kim confirmed that, according to the Log file, the hacker tried to access the password database, but there are no indications that the passwords are circulating online in any form, but he successively reported to Threatpost that the attacker behind the MacRumors Forums data breach was “friendly” and that none of the data accessed will be leaked. Arnold Kim confirmed to Threatpost journalists that the hacker posted on the forums a message to the community.

To proof the hack the hacker posted a portion of Kim’s password hash and salt, he also blamed a MacRumors Forums moderator whose credentials was stolen and used to access the password database.

“We’re not going to ‘leak’ anything. There’s no reason for us to. There’s no fun in that. Don’t believe us if you don’t want to, we honestly could not care less,” the hacker wrote.

The hacker confirmed that 860,106 passwords were dumped, and 488,429 still had a salt at least three bits long.

“Anyone that’d been active recently will have a longer salt, which will slow down the hash cracking by a fraction of the time it would have taken (duplicate salts = less work do, it’s like to have many with a 3 bit salt),” the hacker’s post said. “We’re not ‘mass cracking’ the hashes. It doesn’t take long whatsoever to run a hash through hashcat with a few dictionaries and salts, and get results.”“We’re not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place,” the hacker wrote.

The hacker blamed the users for bad habit of re-using passwords instead to criticize the security offered by MacRumors platform, he also added that the credentials are not being exploited to log into a web-based email accounts or other online services.

Pierluigi Paganini

(Security Affairs – MacRumors , hacking)


facebook linkedin twitter

Cybercrime data breach Database Breached Encrypted Password Hacking MacRumors MD5 Hashes Password Hacked Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini July 16, 2025
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network
Read more
Pierluigi Paganini July 16, 2025
Former US Army member confesses to Telecom hack and extortion conspiracy
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

    Intelligence / July 16, 2025

    Former US Army member confesses to Telecom hack and extortion conspiracy

    Cyber Crime / July 16, 2025

    CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

    Hacking / July 16, 2025

    DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

    Security / July 16, 2025

    U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 16, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT