You are not logged in.

#1 2013-07-22 08:52:26

w201
Member
Registered: 2012-10-04
Posts: 243

Security Breach on the Ubuntu Forums

So apparently the ubuntu forums got hacked and someone made out with 2 million usernames, passwords and email adresses- ouch! Their site is currently down. Just posting as an FYI because their advice is to change your password if you have an account there and use it for multiple sites. 

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
Progress report

2013-07-20 2011UTC: Reports of defacement
2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
If you're using Ubuntu and need technical support please see the following page for support:
Finding Help.
If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:

Last edited by w201 (2013-07-22 08:59:58)

Offline

#2 2013-07-22 09:25:05

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,266
Website

Re: Security Breach on the Ubuntu Forums

An unfortunate event for Canonical and the Ubuntu team. Glad to see the passwords were at least hashed, and with a salt.

Offline

#3 2013-07-22 17:14:58

x33a
Forum Moderator
Registered: 2009-08-15
Posts: 3,242
Website

Re: Security Breach on the Ubuntu Forums

fukawi2 wrote:

An unfortunate event for Canonical and the Ubuntu team. Glad to see the passwords were at least hashed, and with a salt.

Unfortunately md5 hashes even with salt are easily crackable. On the other hand, it's just a forum account and since they alerted people early, anyone foolish enough to use the same password elseware can change the other password on time.

One thing I disliked is that they haven't alerted people by email, at least I haven't got one yet. I got this information from various source, but many people (dormant accounts / less frequent users) are unlikely to know of it.

Last edited by x33a (2013-07-22 17:15:35)

Offline

#4 2013-07-22 18:21:18

clfarron4
Member
From: London, UK
Registered: 2013-06-28
Posts: 2,162
Website

Re: Security Breach on the Ubuntu Forums

x33a wrote:

...they haven't alerted people by email, at least I haven't got one yet.

You're not the only one, and it's starting to worry me. Surely one of the things that happens when you have a breach like this is make sure that you have told everybody via the main form of contact, in this case e-mail, rather than news bulletin/information on the website. I found out about it through Google+


Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository

Offline

#5 2013-07-22 19:04:32

FlyingHappy
Member
From: Cincinnati, OH
Registered: 2011-04-18
Posts: 186

Re: Security Breach on the Ubuntu Forums

I got an email about it today.

Offline

#6 2013-07-22 19:05:24

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 18,300
Website

Re: Security Breach on the Ubuntu Forums

FlyingHappy wrote:

I got an email about it today.

Don't click on the link... tongue


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#7 2013-07-22 19:06:00

FlyingHappy
Member
From: Cincinnati, OH
Registered: 2011-04-18
Posts: 186

Re: Security Breach on the Ubuntu Forums

I deleted it  tongue

Offline

#8 2013-07-22 20:20:40

dag
Member
From: US
Registered: 2013-01-20
Posts: 216

Re: Security Breach on the Ubuntu Forums

I have an account there though i dont use the same user names and passwords accross my accounts on the internet. looked like some kid/s else why would they show that they hacked them.


--------------------------------------
alcoves wonder creates the wonder unto the ages; never lose that.

Offline

Board footer

Powered by FluxBB