Passwords of 1.8M Ubuntu Forums users compromised in hack
Posted on 22 July 2013.
Ubuntuforums.org, the home of a variety of support forums dedicated to users of this popular Linux distribution, has been hacked over the weekend and defaced to show an image of a penguin toting a rifle, apparently the "logo" of the hacker who's responsible for the breach.


Unfortunately, that was not the whole extent of the damage, as Canonical - the UK company that develops the distro - has confirmed that the username, password, and email address of all the registered forum users have been compromised.

"The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP," they warned, adding that Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach.

According to the numbers provided by the Internet Archive Wayback Machine, the forum has a little over 1,8 million members, 19,493 of which are active.

In a move that can only be praised, Canonical has shared all the aforementioned information about the breach and the advice for changing passwords with the users via email almost immediately after the compromise was detected.

Ubuntu CEO Jane Silber has shared with Dan Goodin that the company uses MD5 algorithm to encrypt the passwords and a per-user cryptographic salt, which is not the greatest solution, so changing the currently used password - on the forum or anywhere else it is used - should be a must for all users as soon as the forums are back online.

The hacker who executed the attack has not explained the reason for the attack, but it's likely he (she?) did it to harvest user information that can be used for spamming, account hijacking, spear phishing emails, and more.









Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //