After seeing that the feed had been hijacked I poked around to see how easy it was.
My first guess was http://macrumorslive.com/admin which contained the full source code and password hashes to everything on the site.
They must have had a strange configuration because their .php files were showing as plain text files. This revealed their master DB username/password along with many other ways to exploit the site.
There's a reason security through obscurity doesn't work. Unfortunately MacRumors had to find out on what was probably their biggest day of the year.
There's a reason security through obscurity doesn't work
The even worse part is, it isn't even obscure! The path is /admin/ not /walrus/ or something. And why would they have plain-text php files at that URL? It's like shooting yourself in the foot and lighting yourself on fire in a bear pit at the same time.
The MacRumorsLive feed was compromised as described. The cause of the security breach is best described as "user error" due to admin files being inadvertantly mirrored across multipe server instances with incorrect permissions. This allowed php code to be displayed rather than executed, which was clearly a "bad thing". Our actual admin panel is password protected, of course.
The static portion of the site wasn't hacked, just the live feed. In either event it doesn't matter since the DNS is no longer resolving.
According to #macrumorschat, some 4chan kids figured out that going to macrumorslive.com/admin showed the source code, and that's how they figured out how to inject their own text.
It really sucks for the MacRumors guys since this is probably their biggest ad revenue day of the year.
PSA: /g/ is the worst board on 4chan. Neither funny nor interesting, and with no entertaining trolls. It is also more obsessed with Apple than even MacRumors itself.
On a tangent: Gdgt's liveblog (their first this year but it's run by the folks that sorta started the liveblog trend) was the worst in that it kept dying. Meanwhile Engadget had the best coverage and Gizmodo the fastest. VentureBeat had the most innovative by integrating FriendFeed.
Pretty interesting to watch it unfold. The first SQL the guy posts is a SQL injection waiting to happen:
$query = "select * from sms_users where authentication='".$_GET["auth"]."'";
Edit: Changed link to use webcitation because 4chan link went down. Original link was at: http://zip.4chan.org/g/res/3118906.html