• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Ubuntu forums got hacked

Status
Not open for further replies.

Floren

Well-known member
#1
http://ubuntuforums.org/announce.html

They are running... vBulletin4. :D
  • Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
ubuntu.png
 

Rob

Well-known member
#4
Chulapi, dont think me rude (as you were to Floren) but, I don't think its really your place to decide what constitutes a good or bad discussion here on xenforo. The post relates to security, and at that, forum security which I find not only relevant but highly so.

The fact it pertains to a competitors software holes is only fuel to the amusement factor.

I see little reason why a thread which is reporting real world and relevant facts already in the public domain would be closed?
 

MikeMpls

Well-known member
#5
Do we even know that it was hacked through vBulletin and not through some vulnerability in Linux or some administrative utility or access outside of the forums?

I think all we know is that it was a major hack, we don't know how ....
 

Rob

Well-known member
#6
I am assuming the attack vector was vBulletin itself since the same people have hacked many other vbulletin boards, including thestudentrooms. From their twitter, many other boasts are aimed at forum based sites.

In their announcement, they say, and I quote
We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
Note, they dont say they are reinstalling Linux or anything else. Reading between the lines of their announcement, I'd wager a large bet that vBulletin was the vector.
 
Status
Not open for further replies.