Slashdot Mirror
Ubuntuforums.org Hacked
satuon writes "The popular Ubuntu Forums site is now displaying a message saying there was a security breach. What is currently known: Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP. Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach."
You'd hope so. That would be standard policy you'd assume by now (hashes are easy), but apparently it's still important to mention this given there are still way too many outfits storing plain-text passwords in their systems.
I remember reading the following advice - if you're unsure about the security of any company with whom you've got a password-secured account with, just check to see if they have some kind of password recovery link on their login page. Normally these links should email you with a temporary password so you can make a new one, but if they happen actually email you with your actual password... RUN!!!
I wonder when they are going to email the userbase with this announcement. I have received no email from them. Perhaps the hacker could alert the userbase as a community spirited gesture.