14 DAY TRIAL // On Tuesday, administrators of MacRumors revealed that the website’s forums were hacked. MacRumors’ 860,000 users have been warned that their usernames, email addresses and password hashes should be considered compromised.
However, in a post published on the MacRumors forums, a user who claims to be the hacker has explained that he will not leak any information.
To demonstrate that he is the hacker, he has published the first 16 bits of the password hash and the salt of MacRumors Editorial Director Arnold Kim. Kim has confirmed for Ars Technica that the information is accurate.
The alleged hacker, who uses the online moniker “lol,” says the passwords can be cracked, but the information will not be misused.
“We're not logging in to your gmails, apple accounts, or even your yahoo accounts (unless we target you specifically for some unrelated reason). We're not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place,” he noted.
Many have speculated that the attackers leveraged a vulnerability in an outdated version of vBulletin to breach the website. However, lol says this isn’t the case and that the “fault lied within a single moderator.”
The hacker explains that this could have been far worse. However, he highlights the fact that he simply breached MacRumors to test his skills.
“I never defaced the site, I never bragged about it anywhere, I just got in and got out,” he noted in a separate post.
Despite his claims that he will not leak any of the passwords, users should not take any chances. Change your password not only on MacRumors, but also on any other website where you’ve been using the same passcode.