Canonical's Ubuntu Forum Hacked, User Personal Information Compromised

rated by 0 users
This post has 5 Replies | 1 Follower

Top 10 Contributor
Posts 24,923
Points 1,118,155
Joined: Sep 2007
ForumsAdministrator
News Posted: Sun, Jul 21 2013 12:29 AM
Whether it’s for the lulz (as they say) or for more nefarious reasons, the Ubuntu forums have been hacked. Canonical posted the message via a splash page where the forum site is usually located.

“There has been a security breach on the Ubuntu Forums,” reads the page. “The Canonical IS team is working hard as we speak to restore normal operations.” Canonical didn’t mince words about the extent of the damage, either, stating that the hackers made off with everybody’s username, password, and email address in the database.

Ubuntu forums hacked

This is when using different passwords for all of your many services pays off, because Canonical advises users who have used their same forum password on other sites to change it immediately.

One bit of good news is that Ubuntu One, Launchpad, and “other Ubuntu/Canonical” services were not hacked. Canonical will update the situation as it progresses.
  • | Post Points: 65
Top 150 Contributor
Posts 580
Points 5,265
Joined: Sep 2012
Location: Canada
ForumsAdministrator
Moderator
RWilliams replied on Sun, Jul 21 2013 1:23 AM

"This is when using different passwords for all of your many services pays off"

You said it. There's absolutely no reason to use the same password for multiple services when this is happening SO DANG MUCH. It's getting ridiculous!

  • | Post Points: 5
Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sun, Jul 21 2013 9:48 AM

The passwords were salted and hashed from what I've read, so it's not likely they would soon be cracked.

The real lesson is "Patch Your @%#&". Apparently they were using an old version of the *proprietary* (i.e. non-open-source) forum software vBulletin to run the boards. Classic.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 20
Not Ranked
Posts 43
Points 335
Joined: Mar 2013

Score another one for FOSS?

Unless this was a "just because I can" thing...I can't imagine why. Email addresses & locations?

As of 9:00 PM Sunday, still down.

  • | Post Points: 5
Not Ranked
Posts 43
Points 335
Joined: Mar 2013

And people...LastPass.com.

Please.

  • | Post Points: 5
Top 150 Contributor
Posts 536
Points 4,485
Joined: Apr 2012
Location: Schertz, Texas
ajm531 replied on Sun, Jul 21 2013 10:49 PM

*starts devising new passwords for multiple services*

This increase in attacks is getting ridiculous. Yeah different passwords are a good idea but this just shouldnt be happening.

  • | Post Points: 5
Page 1 of 1 (6 items) | RSS