Mac Forums

Mac Forums is an online forum community centered on discussions about Apple Macintosh computers, covering topics such as hardware troubleshooting, software recommendations, and general news. It serves as a venue where users seek technical support, share experiences, and exchange knowledge related to the Mac ecosystem. The platform is part of a broader network of affiliated forums that also includes Web Hosting Talk and HotScripts.

The 2016 security breach exposed approximately 1.4 million user credentials across these affiliated sites, indicating that Mac Forums hosts a substantial user base. This scale suggests the forum reaches a wide audience of Mac enthusiasts and professionals who rely on the community for information and assistance. The incident demonstrates that the service had a notable presence within its niche market prior to the attack.

User data stored on the forum was protected with salted MD5 hashing, a cryptographic method considered weak and susceptible to rapid cracking. Because of this vulnerability, third‑party analysts were able to recover roughly 60% of the exposed passwords within hours of obtaining the data. The weakness of the hashing approach highlights a security practice that was outdated at the time of the breach and contributed to the ease with which the credentials were compromised.

The attack originated from a compromise of the parent company that operates Mac Forums and its sister sites, pointing to a centralized ownership or management structure overseeing the network. While the specific name of the parent company was not disclosed in the available sources, the simultaneous impact on all associated platforms indicates a shared infrastructure. This centralization meant that a single point of failure could affect multiple forums at once.

The individual behind the breach, using the alias "uid0", attempted to sell the stolen databases on the dark web marketplace The Real Deal for 7.2 bitcoin. This action underscores the financial incentive attackers have for acquiring large collections of user credentials, even when the data is protected by weak hashing. The episode prompted broader discussions about credential reuse risks, as the same information could be leveraged to access accounts on other services where users had duplicated passwords.