Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ubuntuforums.org Hacked

Posted by Soulskill on from the another-one-falls dept.

satuon writes "The popular Ubuntu Forums site is now displaying a message saying there was a security breach. What is currently known: Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP. Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach."

2 of 146 comments (clear)

  1. Re:Ummm... by ancientt · · Score: 1, Flamebait

    My first thought: "Oh crap, that's me." I use a few passwords across multiple sites, basically determining how unique and how complicated by how much I consider a breach a danger and how much I trust the site to keep the password info secure. Generally, I hate forums that build their own password systems rather than using OpenID or Google Sign In or even Facebook login, and don't trust them much. Still, I tend to trust Unix minded people to care about security.

    This means I might have been silly enough to use a password I care to keep secret, so I checked. Nope. Obviously I thought they were idiots to set up their own system and used a password so bad it is obvious that I don't even care if a random guess might get it. I don't use Ubuntu but I have and sometimes I might want to comment in a forum when issues cross distributions.

    I hope others learn from this.. but I don't hold out tremendous hope.

    --
    B) Eliminate all the stupid users. This is frowned upon by society.
  2. Re:Ummm... by hairyfeet · · Score: 0, Flamebait

    I'll get hate but the irony is so moist i honestly don't care...can we all LOAO now? I mean storing IN PLAIN TEXT? What good is that "vaunted Linux security" if the forums are being run by goobers that store fricking passwords in plain text! This is a PERFECT example of what I've been saying for years, its NOT the OS, any OS can be as secure or as insecure as can be, it ALL comes down to what is sitting between keyboard and chair.

    Please please PLEASE tell me at the very least the fools in charge of that site has been told to hit the bricks, yes? After all if ANY other company or place did something THAT stupid you'd be calling for their heads, right? But just the fact that you are saying "It's good the Ubuntu Forums has alerted us that this breach has occurred" makes me feel the community is using their "do as I say NOT as I do strategy" because if this were Sony or Apple or MSFT, even if the service was free, every Linux user would be screaming about how fricking pathetic storing in plain text in 2013 is and how they needed to be shown the door.

    So I'll be personally interested if the screaming about bad security practices and vile towards foolish behavior will be directed toward their own, or if the community will just pretend that its totally okay when THEY do it, just not when anybody else does it.

    --
    ACs don't waste your time replying, your posts are never seen by me.