The user names and possibly passwords of up to 860,000 registered users of MacRumors are possible in the street by a hack. The passwords are encrypted and gehasht. MacRumors recommends password change.
The hack took place because a hacker was logged in as a moderator and tried to get credentials from users to get, writes MacRumors. The passwords might be stolen. Who are gehasht with md5 and that is not the safest way to store passwords, MacRumors itself, although the hashes in any case, another gesalt. The md5 method is known as relatively weak.
It is unclear how the hacker has access to the moderator account, and whether they are indeed the hashed passwords has gotten hold of. MacRumors recommends changing the password on sites where users use the same password apply to change. The change is not, however, an obligation to log in.
The hack would be similar to that of the Ubuntu forum earlier this year. Also there came the hacker as a moderator. MacRumors has around to 860,000 registered users. MacRumors runs on VBulletin on php 5.3.3 with Apache server on CentOS. It is unlikely that any vulnerability in the software has something to do with the hack.