Ubuntu forum defaced, breached by hackers

Email addresses, user names, and encrypted passwords were revealed, according to Canonical

A website dedicated to discussion of the Ubuntu Linux distribution was breached on Saturday, with hackers gaining access to encrypted passwords and email addresses.

The site, Ubuntuforums.org, will remain offline until it can be fixed, wrote Jane Silber, CEO of Canonical, a company that develops and provides services for the free, open-source operating system.

[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]

"We have begun the process of notifying by email all users whose details have been compromised," Silber wrote. "We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue."

According to a notice on Ubuntuforums.org, the forum was defaced around 8:11 PM UTC Saturday by hackers before it was taken offline about four minutes later. It is believed the attackers gained access to every person's local user name, encrypted passwords, and email addresses from the database.

The encrypted passwords were "salted," an additional security measure that makes them more difficult to revert to their original form. Users are encouraged nonetheless to assume their passwords are now insecure, especially if people use the same password for other web services.

No other Ubuntu or Canonical-related websites were believed to be affected, Silber wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies