Popular Mac news and information site MacRumors user forums have been breached by hackers on Monday this week.
More than 860,000 usernames, emails and hashed passwords were potentially compromised. Users are advised to users that they change their passwords on the forums, as well as any other sites or services where the same password has been used.
MD5 with or without salt, to be an inadequate means of protecting stored passwords. Back in 2012, the original author of the MD5 password hash algorithm has publicly declared that MD5 is no longer considered safe to use on commercial websites.
The owner of the site, Arnold Kim, apologized for the intrusion and said that it occurred because the hacker gained access to a moderator account, which then allowed the intruder to escalate their own privileges with the goal of stealing user login credentials.
"We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it yet."
He said the site had been hacked in a similar manner to the Ubuntu forums in July, where attackers defaced the site and accessed the user database. At the time, the site claimed to have over 1.8 million registered members.
“We are still working to get the forums fully functional and more secure,”
He said, according to the Log file, so far indicate that the intruder tried to access the password database, but there are no indications that the passwords are circulating online in any form.