Passwords of 1.8M Ubuntu Forums users compromised in hack
Posted on 22 July 2013.
Bookmark and Share
Ubuntuforums.org, the home of a variety of support forums dedicated to users of this popular Linux distribution, has been hacked over the weekend and defaced to show an image of a penguin toting a rifle, apparently the "logo" of the hacker who's responsible for the breach.


Unfortunately, that was not the whole extent of the damage, as Canonical - the UK company that develops the distro - has confirmed that the username, password, and email address of all the registered forum users have been compromised.

"The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP," they warned, adding that Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach.

According to the numbers provided by the Internet Archive Wayback Machine, the forum has a little over 1,8 million members, 19,493 of which are active.

In a move that can only be praised, Canonical has shared all the aforementioned information about the breach and the advice for changing passwords with the users via email almost immediately after the compromise was detected.

Ubuntu CEO Jane Silber has shared with Dan Goodin that the company uses MD5 algorithm to encrypt the passwords and a per-user cryptographic salt, which is not the greatest solution, so changing the currently used password - on the forum or anywhere else it is used - should be a must for all users as soon as the forums are back online.

The hacker who executed the attack has not explained the reason for the attack, but it's likely he (she?) did it to harvest user information that can be used for spamming, account hijacking, spear phishing emails, and more.









Spotlight

Nine patterns make up 92 percent of security incidents

Posted on 23 April 2014.  |  Researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //