Ubuntu Forums hacked, 1.8 million passwords and emails stolen

Graham Cluley

There has been a massive data breach this weekend affecting more than 1.8 million registered users of the Ubuntu Forums.

Canonical, the company behind the Ubuntu Linux distribution, has admitted that its online forums were not just defaced this weekend, but that the attackers also stole every user's username, email address and (hashed) password from the Ubuntu Forums database.

The first clue that anything was amiss was when hackers posted a (hard-to-miss) message on the Ubuntu Forums homepage of a penguin holding a sniper’s rifle:

This was later confirmed by an official statement from Ubuntu Forums:

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What we know

  • Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

It’s possible that the administrators of Ubuntu Forums weren’t keeping their forum and server software up to date, which could have given the hackers a known vulnerability to exploit.

In addition, I think some will raise an eyebrow at the vague language (“not stored in plain text”) used to describe how passwords were protected on the Ubuntu Forums. That phrase covers everything from a single unsalted MD5 hash to a properly salted, slow password hash, and the two differ by orders of magnitude in how quickly a stolen database can be cracked. Saying which scheme was used, and whether the hashes were salted, would have helped affected forum users judge how likely it is that their password will be recovered; as it stands, that is a missed opportunity.
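To make that difference concrete, here is an added example (not code from the article or from Canonical, and not a description of what the Ubuntu Forums actually ran, which the statement does not say). It builds a constructed, invented user table, stores it two ways that both qualify as “not stored in plain text”, unsalted MD5 and salted PBKDF2-HMAC-SHA256, and then runs the same small dictionary attack against each, counting the primitive hash operations the attacker has to spend. The user names, passwords, wordlist and the PBKDF2 iteration count are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data for this example only: a tiny "leaked" user table and a
# tiny attacker wordlist. Nothing here is taken from the real Ubuntu Forums breach.
USERS = {
    "alice": "ubuntu2013",
    "bob": "password",
    "carol": "tr0ub4dor&3",   # not in the wordlist, so it survives both attacks
}
WORDLIST = ["123456", "password", "ubuntu", "ubuntu2013", "linux", "letmein"]

# Work factor for the slow scheme; assumed for illustration, not a known forum setting.
PBKDF2_ITERATIONS = 100_000


def store_unsalted_md5(users):
    """'Not stored in plain text', weakest form: one fast unsalted hash per user."""
    return {u: hashlib.md5(p.encode()).hexdigest() for u, p in users.items()}


def store_salted_pbkdf2(users):
    """'Not stored in plain text', strong form: per-user random salt plus a slow KDF."""
    store = {}
    for u, p in users.items():
        salt = os.urandom(16)
        store[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, PBKDF2_ITERATIONS))
    return store


def crack_unsalted_md5(store, wordlist):
    """Dictionary attack on unsalted MD5.

    Each candidate is hashed once, and that single table answers every user's hash
    (users who chose the same password even share a hash). Returns the recovered
    credentials and the number of primitive hash invocations spent.
    """
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    recovered = {u: table[h] for u, h in store.items() if h in table}
    return recovered, len(wordlist)


def crack_salted_pbkdf2(store, wordlist):
    """Dictionary attack on salted PBKDF2.

    The salt forces a fresh KDF run per (user, candidate) pair, and each run costs
    PBKDF2_ITERATIONS underlying HMAC calls. Work is counted in those primitive calls.
    """
    recovered = {}
    work = 0
    for u, (salt, stored) in store.items():
        for w in wordlist:
            work += PBKDF2_ITERATIONS
            candidate = hashlib.pbkdf2_hmac("sha256", w.encode(), salt, PBKDF2_ITERATIONS)
            if hmac.compare_digest(candidate, stored):
                recovered[u] = w
                break
    return recovered, work


def compare_schemes(users=USERS, wordlist=WORDLIST):
    """Run both attacks on the same users and report what was recovered and at what cost."""
    md5_found, md5_work = crack_unsalted_md5(store_unsalted_md5(users), wordlist)
    kdf_found, kdf_work = crack_salted_pbkdf2(store_salted_pbkdf2(users), wordlist)
    return {
        "md5_recovered": md5_found,
        "md5_work": md5_work,
        "pbkdf2_recovered": kdf_found,
        "pbkdf2_work": kdf_work,
        "cost_ratio": kdf_work // md5_work,
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

Both schemes give up the same two weak passwords, which is the first lesson: hashing does not rescue a guessable password, it only sets the price per guess. The second lesson is that price. Against unsalted MD5 the attacker hashes each wordlist entry once and compares it with all 1.8 million users at no extra cost; against salted PBKDF2 every (user, guess) pair costs a full KDF run, so the same six-word attack on three users is 200,000 times more expensive here and scales with the number of users. Which end of that range “not stored in plain text” meant is exactly what affected users needed to know.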

However, the advice to use different passwords on different websites is sound. If you don’t, a breach in one place can lead to break-ins on other online accounts you own.

Of course, compromised passwords leading to account hijacking aren’t the only risk here. There is also the danger that the hackers could use the stolen email addresses for spam campaigns, perhaps even a carefully crafted email attack designed to pique the interest of Ubuntu lovers.

If you ever registered an account on Ubuntu Forums, make sure you aren’t using the same password anywhere else and be on your guard.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

5 Replies to “Ubuntu Forums hacked, 1.8 million passwords and emails stolen”

  1. Yeah well, hope you know more about 'puters than you do about guns:

    http://blog.robballen.com/Post/3717/because-im-nothing-if-not-helpful

    "sniper's rifle" … snicker

    ;-)

  2. The Ubuntu Forums temporary splash page says the personal messages and posts have been lost. I hope they can find a way to restore at least the posts, as the forums have been a treasure trove of how-to information for Ubuntu Linux users, as well as other users of Debian-derivative systems.
