Ubuntu Forums Hacked

[ratul]

Source: Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users | Ars Technica


Defaced Website:

*cdn.arstechnica.net/wp-content/uploads/2013/07/ubuntu-forum-defacement-640x431.png​

E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach hitting the company responsible for maintaining the freely available, open-source operating system. There's no sign the compromised data has been published online.

The Ubuntu Forums were closed Saturday evening, following the discovery that the site's homepage was defaced by someone who managed to gain privileged access to its underlying servers. To their credit, administrators with Canonical, the for-profit company that markets Ubuntu, quickly issued an advisory that warned users who used their forum password to safeguard other accounts to change the credentials immediately. The forums remained inaccessible at time of writing on Sunday afternoon.

So far, there's no indication the password hashes and other data exposed in the Ubuntu forums hack have been published online, but it wouldn't be surprising for that to change. The person responsible for the hack went to the trouble of defacing the forum homepage. To get maximum publicity, the individual may decide to air some or all of the data acquired. And with the Internet Archive recently estimating 1.82 million registered Ubuntu forum accounts, the potential for abuse is high.

 

[gameranand]

Now this is pathetic. Why are they hacking a OSS website.

 

[ratul]

Now this is pathetic. Why are they hacking a OSS website.

that's what came into my mind too...
seems like they are the "bad" hackers..

 

[root.king]

does this site is safe against hackers ??????

 

[ratul]

does this site is safe against hackers ??????

nothing is safe against determined hackers dude, a pissed off hacking group would be the last thing a web admin would want against his website..

 

[ico]

Passwords were all salted + hashed. Good thing. Not much to worry but one should change his password.

does this site is safe against hackers ??????

Everyone's password is salted + hashed in vBulletin. Your passwords are safe.

 

[avinandan012]

One advice from me : do not link your accounts. Now a days you get messages from different sites to link your fb to someting like that.

 

[Flash]

The hacker should've done this to get maximum attention among his/her underground hackers..
Ubuntu forums is really an eye-opener for the newbies..

 

[root.king]

Passwords were all salted + hashed. Good thing. Not much to worry but one should change his password.


Everyone's password is salted + hashed in vBulletin. Your passwords are safe.

thanks ico

 

[Hrishi]

When someone Cr@cks an OSS software site/forum , I feel very sorry for them.
Simply not justified.

The hacker should've done this to get maximum attention among his/her underground hackers..
Ubuntu forums is really an eye-opener for the newbies..

True that.

 

[Gollum]

Is that supposed to be bad, who uses linux for daily use? windows ftw

 

[ratul]

Is that supposed to be bad, who uses linux for daily use? windows ftw

you don't understand the impact of open-source, do you???

 

[Hrishi]

Is that supposed to be bad, who uses linux for daily use? windows ftw

 

[Skyh3ck]

Is that supposed to be bad, who uses linux for daily use? windows ftw

well have you ever used linux or any other distros, or at least you have heard about Android

 

[ico]

Is that supposed to be bad, who uses linux for daily use? windows ftw

Sane people do. The day people get fed up of viruses and the nonsense that surrounds Windows.

 

[kg11sgbg]

^ico,my e-mail account is attached with Ubuntu Forums,but I use different passwords for e-mail account and Ubuntu Forum account.

In this case is my e-mail account(under GMail) compromised???

 

[ico]

^ico,my e-mail account is attached with Ubuntu Forums,but I use different passwords for e-mail account and Ubuntu Forum account.

In this case is my e-mail account(under GMail) compromised???

no, it won't get compromised.

The only way your password gets known to them is if they manage to bruteforce a hash which will look like this:

1045abbc44f12ce0ada34721907ab34e

 

[kg11sgbg]

^Thanks my Friend,at least some relief and respite from the Hackers(Black Hats)...

 

[ratul]

^ico,my e-mail account is attached with Ubuntu Forums,but I use different passwords for e-mail account and Ubuntu Forum account.

In this case is my e-mail account(under GMail) compromised???

no, it won't get compromised.

The only way your password gets known to them is if they manage to bruteforce a hash which will look like this:

1045abbc44f12ce0ada34721907ab34e

yes, that's true, but sometimes it's not just about password or your account compromising, sometimes it's about sending a message, some people just wanna watch the world burn...
on a serious note, though there's very little chances that they would try to decrypt that password, but there's more than that in it, they have a huge e-mail list now, enough for some mass spam message chain, they have your personal information which could be misused, it's not just about compromising an account, it can be about something more severe than that..

 

[Coldbreeze16]

Got an email from ubuntuforums about the hack and to change my PW. Thankfully I use a different password for ubuntuforums than other accounts