Slashdot Mirror


Ubuntuforums.org Hacked

satuon writes "The popular Ubuntu Forums site is now displaying a message saying there was a security breach. What is currently known: Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP. Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach."

5 of 146 comments

  1. Re:That's what you get for running Ubuntu by akh · · Score: 4, Informative

    Um, what? For the base server install you get no network services installed whatsoever (not even SSHd). As for size, a base install of the current server version of Ubuntu is ~64MB of disk space IIRC. That's hardly what I'd call bloated.

    --
    Accept Eris as your Fnord and personally sate her
  2. Re:Ummm... by interkin3tic · · Score: 5, Funny

    Personally, I'm trying to remember which password I used on it.

    Reminds me of an old joke: a man looks glum, his friend asks what's wrong.
    The man says "I got a call from some guy, he said to stop sleeping with his wife or he'd kill me."
    Friend: "Oh, that's too bad."
    Man: "The worst part is, he didn't say who his wife was."

  3. Re:That's what you get for running Ubuntu by NobleSavage · · Score: 4, Insightful

    I assume that the forum software was hacked. I believe they ran vBulletin which is often hacked. Nothing indicates the underlying OS was hacked.

  4. Password policy by readingaccount · · Score: 4, Interesting

    "The passwords are not stored in plain text"

    You'd hope so. That would be standard policy you'd assume by now (hashes are easy), but apparently it's still important to mention this given there are still way too many outfits storing plain-text passwords in their systems.

    I remember reading the following advice - if you're unsure about the security of any company with whom you've got a password-secured account, just check to see if they have some kind of password recovery link on their login page. Normally these links should email you with a temporary password so you can make a new one, but if they happen to actually email you with your actual password... RUN!!!

  5. Re:Ummm... by davetv · · Score: 5, Interesting

    I wonder when they are going to email the userbase with this announcement. I have received no email from them. Perhaps the hacker could alert the userbase as a community spirited gesture.