
Ubuntu Forums hack exposes 2 million site users

An anonymous hacker grabbed usernames, email addresses, and salted and hashed passwords.


The company that builds Ubuntu, a popular Linux distribution, has said its forums were hacked Thursday.

Canonical, which develops the operating system, said in a statement on Friday that two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.

The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software.

That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.

The statement stressed that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.

Since the breach, the servers have been wiped, rebuilt, and hardened, passwords have been changed, and the forum software has been fully patched.

The statement added that although the forums relied on Ubuntu’s single sign-on service, the passwords were hashed and salted, turning them into randomized strings of data. But the statement did not say which hashing algorithm was used — some algorithms, like MD5, are still in use but are deprecated, as they can be easily cracked.

A spokesperson for the company did not immediately respond to a question about the hashing algorithm.
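Why the unanswered algorithm question matters, as an added example that is not from Canonical's statement or from this article: a salt makes each stored hash unique, but it does not slow down guessing when the hash itself is fast. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def md5_salted(password: str, salt: bytes) -> bytes:
    """Salted but fast: a single MD5 pass over salt + password."""
    return hashlib.md5(salt + password.encode()).digest()

def pbkdf2_salted(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted and slow: PBKDF2-HMAC-SHA256 repeats the hash `iterations` times."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password: str) -> dict:
    """Create a stored credential with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    return {"alg": "pbkdf2_sha256", "iterations": PBKDF2_ITERATIONS,
            "salt": salt, "hash": pbkdf2_salted(password, salt)}

def verify(password: str, record: dict) -> bool:
    """Recompute with the record's own parameters; compare in constant time."""
    if record["alg"] == "md5":
        candidate = md5_salted(password, record["salt"])
    elif record["alg"] == "pbkdf2_sha256":
        candidate = pbkdf2_salted(password, record["salt"], record["iterations"])
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])

def needs_rehash(record: dict) -> bool:
    """Flag records to upgrade at the user's next successful login."""
    return record["alg"] != "pbkdf2_sha256" or record["iterations"] < PBKDF2_ITERATIONS

def hashes_per_second(fn, seconds: float = 0.2) -> float:
    """Measure how many hash computations one CPU core completes per second."""
    salt, count, start = b"\x00" * 16, 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        fn(f"guess{count}", salt)
        count += 1
    return count / (time.perf_counter() - start)

if __name__ == "__main__":
    legacy_salt = os.urandom(16)  # constructed legacy record, not real forum data
    legacy = {"alg": "md5", "salt": legacy_salt, "hash": md5_salted("constructed-pw", legacy_salt)}
    print("legacy verifies:", verify("constructed-pw", legacy), "needs rehash:", needs_rehash(legacy))
    print("MD5 per second:   ", round(hashes_per_second(md5_salted)))
    print("PBKDF2 per second:", round(hashes_per_second(pbkdf2_salted), 2))
```

The measured gap between the two rates is the extra cost per guess that a slow key-derivation function imposes on anyone holding a stolen hash table, and `needs_rehash` shows how a site can migrate legacy records without forcing a mass reset.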


Henry Sapiecha