Are You A Registered Ubuntu Forum User? Your Username Password and Email is in the mercy of a hacker


Ubuntu Forum has been hacked and over 2 million users’ account information stolen. The hacker with a twitter handle of @Sputn1k_ posted the image below after defacement which took only four minutes for the Ubuntu Forum Technical Team to realize.

ubuntu forums

After the security breach Canonical, the company behind Ubuntu posted the following on the forums page:

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.

What we know

  • Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Progress report

  • 2013-07-20 2011UTC: Reports of defacement
  • 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
  • 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
  • 2013-07-22: work on reinstalling the forums continues

The hacker later posted on the twitlonger telling the victims to relax and stay calm as s/he is not going to use the information he stole from ubuntu forum for any malicious intentions. The message went as follows

You can stop worrying about your passwords. Yes, they were encrypted. Encrypted with the default vBulletin hashing algorithm (md5(md5($pass).$salt). Whilst it may not be the strongest, when you’re dealing with 1.8m users it would take a very long time to get anywhere with the hashes. You don’t have to worry about a DB leak. That isn’t how I like to do things.

If I do get into a website, most of the time there’s no REAL malicious intentions. Grab the database, leave a message. That’s it. I don’t like to over-do things. Might cause some downtime, but what if it WAS the “syr14n c3b3r 4rmy” (not that their brain-dead brains have the power to do anything whatsoever), and they did have malicious intentions, and they did leak the database and use it to their own advantage?

Oh, and keep on raging and sending me rage tweets, I love it.

This comes after we reported an attack on our own Central Bank of Kenya hacking by Gaza Hackers Team. What we don’t know is if there are any connections between the two attacks but what we do know is that no one is safe and every security team out there should take caution of their web platforms. Infact some unconfirmed news says that Ubuntu was attacked because they were using an old version of vBulletin which hackers had discovered some security loopholes to take advantage of.

What do you think of all these hacking stories we are hearing about, who is to blame? Join the discussion below on the comments section


About Philemon Samoei

Philemon Samoei is a firm believer of permission-based marketing and that is why my specialization is content strategy and development that will enable me to provide my prospective consumers with valuable and am sure they will reward me with purchases. I can also help you achieve the same. Get me on @philemonsamoei or at www.samphiltech.com

Leave a Reply