Canonical's Ubuntu Forums hacked, two million user records exposed
Canonical, the company that develops Ubuntu, a popular Linux distribution, said on Friday that its forums were breached on Thursday. According to its statement, an unnamed attacker obtained the usernames, email addresses and IP addresses of two million Ubuntu Forums accounts.
The Ubuntu Forums are used by Linux developers, Ubuntu users and enthusiasts to discuss bugs, upcoming releases and general Linux topics.
“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience”, says Jane Silber, Chief Executive Officer, Canonical Ltd.
Silber further explained: "After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched."
The unknown attacker or attackers exploited a SQL injection vulnerability in Forumrunner, an add-on for the vBulletin forum software the site ran. The flaw gave the attacker read access to usernames, email addresses and salted, hashed password values, though Canonical said only limited user data was accessed and downloaded. Canonical also stated that no code or repository data was accessed, and that the attacker could neither write to the database nor gain shell access. According to the statement, the attacker was not able to reach any other Canonical or Ubuntu service.
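To make the attack class concrete, the following is an added example and not Forumrunner's or vBulletin's code: it builds a small, constructed in-memory forum database (the table names, columns and rows are invented for the illustration) and shows a thread-lookup query written two ways. The vulnerable version pastes the request parameter into the SQL text, so a UNION payload lets a read-only injection pull the user table's usernames, emails and IP addresses, the same kind of data taken in this breach. The hardened version validates the parameter's type and binds it as a query parameter, so the engine never interprets it as SQL.

```python
import sqlite3

# Constructed in-memory stand-in for a forum database. The schema and rows are
# invented for this example; they are not the Ubuntu Forums' or vBulletin's.
SCHEMA = """
CREATE TABLE user (
    userid    INTEGER PRIMARY KEY,
    username  TEXT NOT NULL,
    email     TEXT NOT NULL,
    ipaddress TEXT NOT NULL,
    password  TEXT NOT NULL   -- salted hash, not plaintext
);
CREATE TABLE thread (
    threadid  INTEGER PRIMARY KEY,
    title     TEXT NOT NULL
);
"""
USERS = [
    (1, "alice", "alice@example.org", "198.51.100.7", "s1$9f2c..."),
    (2, "bob",   "bob@example.net",   "203.0.113.9",  "s2$41aa..."),
]
THREADS = [(1, "Welcome to the forums"), (2, "16.10 release schedule")]


def make_db():
    """Build the sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO user VALUES (?, ?, ?, ?, ?)", USERS)
    conn.executemany("INSERT INTO thread VALUES (?, ?)", THREADS)
    return conn


def thread_title_vulnerable(conn, threadid):
    """Vulnerable: the request parameter is concatenated into the SQL text, so
    an attacker can append a UNION that reads any other table."""
    sql = "SELECT title FROM thread WHERE threadid = " + str(threadid)
    return [row[0] for row in conn.execute(sql)]


def thread_title_safe(conn, threadid):
    """Hardened: validate the type, then bind the value as a parameter so the
    database engine never parses it as SQL."""
    try:
        threadid = int(threadid)
    except (TypeError, ValueError):
        raise ValueError("threadid must be an integer")
    rows = conn.execute("SELECT title FROM thread WHERE threadid = ?", (threadid,))
    return [row[0] for row in rows]


# A read-only injection that leaks the user table. The UNION must match the
# original SELECT's column count (one), so the three fields are concatenated.
LEAK_PAYLOAD = "1 UNION SELECT username || ':' || email || ':' || ipaddress FROM user"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", thread_title_vulnerable(db, LEAK_PAYLOAD))
    print("safe (valid id):", thread_title_safe(db, "1"))
    try:
        thread_title_safe(db, LEAK_PAYLOAD)
    except ValueError as exc:
        print("safe (payload):", exc)
```

The payload needs no write privilege and no shell: a single SELECT that the application itself runs is enough to dump every row the database account can read, which is why a "read-only" injection still means a full credential-table leak.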
Since the breach, Canonical has wiped and rebuilt the servers, changed passwords and fully patched the forum software against the vulnerability. The statement added that, because the forums relied on Ubuntu's single sign-on service, the password values held in the forum database were salted and hashed rather than stored in plaintext. It did not, however, say which hashing algorithm was used. That matters: fast, general-purpose hashes such as MD5 are deprecated for password storage because an attacker holding the hashes can test billions of guesses per second against them offline, whereas deliberately slow, salted schemes such as bcrypt or PBKDF2 make every guess expensive.
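Why the choice of algorithm matters is easiest to see by running an offline dictionary attack against both kinds of hash. The example below is added here and is not Canonical's code or a description of what the forums actually used; the wordlist, password and salts are constructed for the demonstration, and the iteration count is an assumption chosen to be noticeably slow in Python. It cracks an unsalted MD5 hash and a salted PBKDF2 hash of the same weak password, then measures how much more each guess costs under PBKDF2.

```python
import hashlib
import hmac
import os
import time

# Constructed wordlist for the demonstration; nothing here is data from the breach.
WORDLIST = ["123456", "password", "qwerty", "letmein", "ubuntu", "dragon"]
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def md5_unsalted(password):
    """Legacy scheme: one fast hash, no salt. Identical passwords give identical
    hashes, and guesses can be checked at GPU speed or looked up in precomputed tables."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_salted(password, salt, iterations=PBKDF2_ITERATIONS):
    """Slow, salted scheme: every guess costs `iterations` HMAC-SHA256 rounds,
    and the per-user salt defeats precomputed tables and cross-user matching."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def verify_pbkdf2(password, salt, stored_hex, iterations=PBKDF2_ITERATIONS):
    """Constant-time comparison so a login check leaks no timing information."""
    return hmac.compare_digest(pbkdf2_salted(password, salt, iterations), stored_hex)


def crack_md5(target_hex, wordlist):
    """Offline dictionary attack against an unsalted MD5 hash."""
    for guess in wordlist:
        if md5_unsalted(guess) == target_hex:
            return guess
    return None


def crack_pbkdf2(target_hex, salt, iterations, wordlist):
    """Same attack against PBKDF2. The salt is known to the attacker (it is stored
    beside the hash); what changes is the cost of each guess."""
    for guess in wordlist:
        if pbkdf2_salted(guess, salt, iterations) == target_hex:
            return guess
    return None


def cost_ratio(wordlist, iterations=PBKDF2_ITERATIONS):
    """Wall-clock cost of one PBKDF2 guess relative to one MD5 guess."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for guess in wordlist:
        md5_unsalted(guess)
    md5_time = max(time.perf_counter() - t0, 1e-9)
    t0 = time.perf_counter()
    for guess in wordlist:
        pbkdf2_salted(guess, salt, iterations)
    pbkdf2_time = time.perf_counter() - t0
    return pbkdf2_time / md5_time


if __name__ == "__main__":
    stored_md5 = md5_unsalted("letmein")
    print("MD5 cracked:", crack_md5(stored_md5, WORDLIST))
    salt = os.urandom(16)
    stored_pbkdf2 = pbkdf2_salted("letmein", salt)
    print("PBKDF2 cracked:", crack_pbkdf2(stored_pbkdf2, salt, PBKDF2_ITERATIONS, WORDLIST))
    print("one PBKDF2 guess costs about %.0fx one MD5 guess" % cost_ratio(WORDLIST))
```

Both schemes give up a password that sits in a six-word list; salting and a slow KDF do not rescue a weak password. What they change is the budget: a list of hundreds of millions of candidates that MD5 would exhaust in seconds becomes years of work per user under PBKDF2, and because every salt differs, that work cannot be shared across the two million leaked records.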
If you are an Ubuntu Forums member, you should have received an email from Canonical advising you to change your password. Even if you have not, it is advisable to change it now, and to change it on any other site where you reused the same password.