The hacker behind Monday’s breach of an Apple-related rumor and news website has promised to not leak any of the 860,000 passwords he stole.
But the hacker — known as “lol” — said that any users who’d reused the same password on other sites had only themselves to blame. “We’re not terrorists,” he said. “Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place.”
The MacRumors website disclosed the breach Tuesday, saying that an attacker accessed a moderator account for the vBulletin software — sold by Internet Brands — that runs its online forums, then managed to escalate their access privileges, and dump a database containing usernames, email addresses and passwords, which were hashed and salted. The site recommended that all users immediately change their password for MacRumors, as well as any other site for which they’d used the same password.
“We sincerely apologize for the intrusion, and are still investigating the attack with the help of a third-party security researcher,” said “MacRumors god” Arn Kim. “We believe that at least some user information was obtained during the attack,” including passwords, he added. “They are vBulletin’s standard md5 hashed and salted. Which is not that strong, so assume that your password can be determined with time.”
In a series of MacRumors forum posts, Lol confirmed Wednesday that he’d dumped the forum database and obtained usernames, email addresses, and salted and hashed passwords for 860,106 users. As proof that he was behind the hack, lol also published the first 16 bits of Kim’s old password hash, as well as the salt used for the password. But lol promised not to leak or even crack the passwords, or use the information to hack into people’s Gmail, Apple, Yahoo or other accounts, “unless we target you specifically for some unrelated reason.
We’re on the cusp of a global conflict that will see the three most powerful consumer Internet companies fighting to win control of interpersonal communication. The war will pit Facebook’s unified Chat / Messages / Email vs Apple’s cross-device iMessage system vs. Google’s Gmail / GChat / Hangouts. If one emerges as the definitive victor, it could sway the future of digital human interaction.
Read on as we survey the battlefield, review the weaponry of each company, and assess who could win the epic message war and the fortune that comes with it.
Last week we saw Facebook fire the shot of this war when it changed everyone’s profile contact info to display their @facebook.com address and hide their previously selected Gmail, MobileMe, or other email addresses. Why? To box out Google and Apple. Even with natural advantages like a firm grip on identity and the social graph, plus the fact that it works across both iOS and Android devices, Facebook still felt like it needed to attack.
We’ve likely reached “peak SMS” — next year fewer text messages may be sent than this year due to the rise of data-based alternatives. Now is the time for one of these three messaging platforms to take the place of SMS.
Categories: The Online World Tags: