Ubuntu forums hacked; 1.82M logins, email addresses stolen

Summary: Canonical, the company behind the Ubuntu operating system, has suffered a massive data breach on its forums. All usernames, passwords, and email addresses were stolen.

Ubuntu Forums suffered defacement by hackers on Saturday; also a significant data breach. Image: ZDNet

Ubuntu Forums suffered a massive data breach, the company behind the open-source, Linux-based operating system said on Saturday.

In an announcement posted on its main forum page, Canonical confirmed there had been a security breach and that the team is working to restore normal operations.


The notice said "every user's local username, password and email address" from their database was stolen. The company confirmed that though the passwords are not stored in plain text, users who share passwords across sites are encouraged to change them.

"Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach," the open-source company stated.

An estimated 1.82 million users are subscribed to the forums, with more than 1.96 million threads, according to the last crawl by the Internet Archive in mid-June.

The forum itself is understood to be using vBulletin, a popular Web-based forum software.

The site was defaced by hackers during Saturday afternoon, according to social media reports. The main page was altered to include an image sporting a Twitter handle "Sputn1k_" which directs to an account with just five tweets and double-digit followers. The account did not follow any other user at the time of writing.

The image also included a "shoutout" to Twitter user @rootinabox, who appears to be based in the Netherlands. But the link pointed to a website that does not appear to be associated with the account holder.

The social media community appeared generally critical of the move.

"You must feel proud defacing a site by volunteers. They dedicate time and effort to make a free distro. Worst kind of 'hacker'," said one user in a message directed at the alleged hacker's Twitter account.

Others who tweeted the attacker during the past few hours simply asked what the music was that he injected into the hacked page when it loaded.

Topics: Security, Open Source, Ubuntu

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.
