Ubuntu forums hacked – 1.82 Million logins, email addresses stolen

22. July 2013 SysAdmin 0

The worlds famous community OS ubuntu’s Forum was hacked on this saturday afternoon.

The forum was running on an outdates version of vBulletin (a popular Web-based forum software) with no protection in admin area. An estimated 1.82 million users are subscribed to the forums, with more than 1.96 million threads, according to [the last crawl by the Internet Archive in mid-June](http://web.archive.org/web/20130622180319/http://ubuntuforums.org/forum.php?s=08b8ec0fc361533815d92d22e0e108cc).

Canonical confirmed by the status message that,

The attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes.

Also, As per canonical IS team, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are **strongly **encouraged to change the password on the other service ASAP. Ubuntu One, Launchpad and other Ubuntu/Canonical services are **NOT affected** by the breach.

According to social media reports. The main page was altered to include an image sporting a Twitter handle “[Sputn1k_](https://twitter.com/sputn1k_)” which was directing to an account with just five tweets and double-digit followers. The account was not following any others, and the account seems deactivated at the time of this writing.

The image also pointed out a “shoutout” to Twitter user @rootinabox, who appears to be based in the Netherlands. But the link pointed to a website [wedtm.com](http://wedtm.com/) that does not appears to be associated with the account holder.

**ScreenShot When the site was hacked.**

[![ubuntuforum-hacked](https://res.cloudinary.com/jobnix/image/upload/v1415999131/ubuntuforum-hacked_tsraax.png)](https://res.cloudinary.com/jobnix/image/upload/v1415999131/ubuntuforum-hacked_tsraax.png)


Leave a Reply

Your email address will not be published. Required fields are marked *