Unfortunately, that was not the whole extent of the damage, as Canonical - the UK company that develops the distro - has confirmed that the username, password, and email address of all the registered forum users have been compromised.
"The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP," they warned, adding that Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach.
According to the numbers provided by the Internet Archive Wayback Machine, the forum has a little over 1,8 million members, 19,493 of which are active.
In a move that can only be praised, Canonical has shared all the aforementioned information about the breach and the advice for changing passwords with the users via email almost immediately after the compromise was detected.
Ubuntu CEO Jane Silber has shared with Dan Goodin that the company uses MD5 algorithm to encrypt the passwords and a per-user cryptographic salt, which is not the greatest solution, so changing the currently used password - on the forum or anywhere else it is used - should be a must for all users as soon as the forums are back online.
The hacker who executed the attack has not explained the reason for the attack, but it's likely he (she?) did it to harvest user information that can be used for spamming, account hijacking, spear phishing emails, and more.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.