securitybreach

Ubuntu Forums hacked


There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

 

What we know

  • Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

http://ubuntuforums.org/announce.html

 

1.82M logins, email addresses stolen

http://www.zdnet.com/ubuntu-forums-hacked-1-82m-logins-email-addresses-stolen-7000018336/


Ubuntu Forums hacked, 1.8 million passwords and emails stolen

 

Canonical, the lead developers of the Ubuntu Linux-based operating system, have admitted that its online forums were not just defaced this weekend, but also that hackers managed to steal every user's email address, password and username from the Ubuntu Forums database.

 

Apparently every member's username, password and e-mail were obtained. Hopefully, everyone here knows enough to use a different password everywhere. Even so, the obvious advice: change your email password ASAP!


Thanks for letting us know, Josh!

 

Good thing many of us use unique passwords everywhere.


Good thing the hashes were not in the clear, but they were not totally clear whether they were hashed and salted.

 

From this link on ITWorld:

 

Hashing is using a cryptographic algorithm to convert data like a password into a fixed-length string of characters called a fingerprint.

Salting is a way to randomize hashes by adding a random string (which is called a salt) before a password is hashed, which makes it much more difficult to crack the password hash.

This page explains it more thoroughly: http://crackstation.net/hashing-security.htm

 

Thankfully many of us use unique passwords everywhere.

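The hashing and salting definitions quoted in the post above, as an added example that is not part of the original thread: it compares a plain fast hash with a per-user salted, deliberately slow hash over a small constructed account table. The account names, passwords and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations are assumptions for illustration; nothing here reflects how the Ubuntu Forums actually stored passwords.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts: two users happen to share one password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def unsalted_hash(password):
    """Plain fast hash: equal passwords always give equal fingerprints."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = salted_hash(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)

def shared_fingerprints(values):
    """Number of accounts whose stored value equals another account's."""
    counts = Counter(values)
    return sum(n for n in counts.values() if n > 1)

def build_tables():
    """Build the two tables a database dump would expose."""
    unsalted = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    # Unsalted: alice and bob are visibly the same password in the dump.
    print("unsalted duplicates:", shared_fingerprints(unsalted.values()))
    # Salted: every record is unique, so each must be attacked separately.
    print("salted duplicates:", shared_fingerprints(r[2] for r in salted.values()))
    print("login ok:", verify("hunter2", salted["alice"]))
```
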

and there is something odd going on with the Apple Developers site this weekend ...


I merged the two topics about the Ubuntu forums hack in Security and Networking.

Edited by LilBambi


You mean the maintenance 'sign' there?

 


well, there is speculation here and here about what is going on.


Yes, that second link is interesting...especially the part about resetting their passwords noted in the article at the hacker news.

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.

 

Hmm... guess I'll be getting some SPAM, huh?


Fortunately, I believe that I used my inbox.com email account for the Ubuntu forums, as I do for all techie forums and newsletters. I use different email accounts for different purposes. This allows me to do things like totally white listing an account, as I have with inbox.com. ONLY emails from forums/newsletter servers on my account reach my inbox, so SPAM has a hard time getting through. They'd have to spoof one of the domains on my white list.

 

I actually worry more about them using my account on the Ubuntu forums for naughtiness. I will have to change the password as soon as Ubuntu allows me back in there. :yes:


Spoofing a domain in an email is a trivial matter..... :lol:

 

Adam

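The white-list exchange in the two posts above, as an added example that is not part of either poster's message: a filter keyed only on the From header domain is compared with one that also requires a DMARC pass recorded by the receiving server in its Authentication-Results header. The domains, the server name and both messages are constructed, and the filter assumes the receiving server strips forged Authentication-Results headers that carry its own name.

```python
from email import message_from_string
from email.utils import parseaddr

ALLOWED_DOMAINS = {"forum.example"}        # hypothetical white list
TRUSTED_AUTHSERV = "mx.mailhost.example"   # hypothetical receiving server

# Constructed messages: same visible From line, different authentication results.
GENUINE = """\
Authentication-Results: mx.mailhost.example; spf=pass smtp.mailfrom=forum.example; dkim=pass header.d=forum.example; dmarc=pass header.from=forum.example
From: Forum Digest <digest@forum.example>
Subject: Weekly digest

hello
"""
SPOOFED = """\
Authentication-Results: mx.mailhost.example; spf=fail smtp.mailfrom=bulk.invalid; dkim=none; dmarc=fail header.from=forum.example
From: Forum Digest <digest@forum.example>
Subject: Verify your account

hello
"""

def from_domain(msg):
    """Domain part of the visible From address (set freely by the sender)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def allowed_by_from_only(raw):
    """White list that trusts the From header alone."""
    return from_domain(message_from_string(raw)) in ALLOWED_DOMAINS

def dmarc_pass(msg):
    """True only if our own server recorded dmarc=pass for the From domain."""
    wanted = "header.from=" + from_domain(msg)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by someone else: ignore it
        for item in results.split(";"):
            tokens = [t.lower() for t in item.split()]
            if tokens and tokens[0] == "dmarc=pass" and wanted in tokens:
                return True
    return False

def allowed_with_auth(raw):
    """White list that also requires the server-side DMARC verdict."""
    msg = message_from_string(raw)
    return from_domain(msg) in ALLOWED_DOMAINS and dmarc_pass(msg)
```
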

wow, they are doing a total rebuild


Yep, likely due for a redo by now. Been around for a long time.


Fortunately, I believe that I used my inbox.com email account for the Ubuntu forums, as I do for all techie forums and newsletters. I use different email accounts for different purposes. This allows me to do things like totally white listing an account, as I have with inbox.com. ONLY emails from forums/newsletter servers on my account reach my inbox, so SPAM has a hard time getting through. They'd have to spoof one of the domains on my white list.

 

I actually worry more about them using my account on the Ubuntu forums for naughtiness. I will have to change the password as soon as Ubuntu allows me back in there. :yes:

I really don't care if they use my account at the Ubuntu forums for naughtiness.

I was banned at least once for asking a question and then asking the smarty-pants answerer for help in following their wonderful advice.

What was their advice, you ask?

RTFM!

I was so new to Linux/FOSS I had no idea what that was.

So I asked. Once I knew it was "Read The Fine Manual" o:) I had the nerve to ask how one does that in Linux.

Ban Hammer came down.


After the second such incident, I never returned to the forum.

Hope the bad guys cause them all kinds of grief with my username and password.

They deserve what they get.


That's odd, Bob. I never had any problems at the Ubuntu forums. Everyone was always nice and helpful to me. I guess you just attract that type of abuse. ;)


That's odd, Bob. I never had any problems at the Ubuntu forums. Everyone was always nice and helpful to me. I guess you just attract that type of abuse. ;)

Ubuntu forums were the only place it ever happened.

Of course, there is the fact that I was known to be a friend of Ken Starks (aka Helios) who was truly despised by the admins and mods there.

 

Could be a connection.

 

I don't even get any abuse at the Arch forums when I ask brain-dead questions.

Edited by amenditman

Now Arch was an altogether different experience for me. I wasn't impressed with their kindness and hospitality at all.


Now Arch was an altogether different experience for me. I wasn't impressed with their kindness and hospitality at all.

 

You haven't been to my Archlinux Community on G+


Hey! You told me your real name was Archie Winkelstein. Are you using a pseudonym at G+? UMMMAAA! I'm gonna' tell. ;)

 

Of course I am.... My real name does not exist online.


Yes, it does. You should see some of the mugshots of people that have the same real name as you. ;)

 

Right....
