The hack was effected on Monday, and according to site owner Arnold Kim, they have immediately started investigating the attack with the help of a third party security researcher.
He noted that the hackers copied the approach used by the attackers who managed to compromise the Ubuntu forums back in July: they managed to get their hands on the account credentials of a forum moderator, and were able to escalate their privileges in order to access the password database. How they got the moderator’s account credentials in the first place is still unknown.
Kim told Ars Technica that, so far, evidence points towards an unsuccessful attempt to access the database. Nevertheless, “we believe that at least some user information was obtained during the attack,” he said. “In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known.”
He advises users to change their passwords on the site’s forums, and to immediately do the same on any other account for which they used the same password. “There are several guides online for how to choose a good password,” he noted, and advised users to use separate passwords for every service and to use a password manager software to manage them.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.