The estimated 860,000 users of the popular MacRumors web forum have been told to change their passwords immediately after hackers successfully compromised an admin account in order to steal personal and login data.
Data leaked during the 11 November raid includes forum user names, email addresses, and the encrypted passwords used to access the site; users should assume that this data is now known to the attackers, an announcement by the site’s owners said.
“We sincerely apologize for the intrusion, and are still investigating the attack with the help of a 3rd party security researcher. We believe that at least some user information was obtained during the attack,” the site’s owners said.
The author went on to draw a parallel with July’s hack of the Ubuntu forums, which compromised 1.82 million account details. Canonical’s blog later explained in some detail how the attackers had carried out the admin account compromise.
“Our case [MacRumors] is quite similar, with a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials.”
Canonical later said of its compromise that it hadn’t been able to work out exactly how the admin account was breached.
MacRumors hasn’t confirmed the type of encryption used to secure the breached passwords, although on the basis of third-party news stories the fairly basic MD5 algorithm seems likely.
“When you use third party components you expose your network to the threats faced by all those applications, significantly increasing your attack surface,” commented Imperva CTO, Amichai Shulman, speculating about the possibility of a software issue.
“Sometimes you can successfully participate in the ‘who-patches-first’ race for each and every third party component you use; usually you can't and you must rely on virtual patching through a technology like Web Application Firewall.”