Ubuntu forums got hacked

[Floren]

http://ubuntuforums.org/announce.html

They are running... vBulletin4.

• Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
• The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
• Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

 

[chulapi]

Hey you, the programmer of a search tool, please use the search function
http://xenforo.com/community/threads/ubuntu-forums-hacked.55296/

Btw this thread fits better on a general admin forum or at vB.com but not here. This is XenForo.

This thread will be closed.

 

[ManagerJosh]

Well they are locking the thread too..

http://www.vbulletin.com/forum/foru...vb4-2-0-hacked-1-824-159-accounts-compromised

 

[Rob]

Chulapi, dont think me rude (as you were to Floren) but, I don't think its really your place to decide what constitutes a good or bad discussion here on xenforo. The post relates to security, and at that, forum security which I find not only relevant but highly so.

The fact it pertains to a competitors software holes is only fuel to the amusement factor.

I see little reason why a thread which is reporting real world and relevant facts already in the public domain would be closed?

 

[MikeMpls]

Do we even know that it was hacked through vBulletin and not through some vulnerability in Linux or some administrative utility or access outside of the forums?

I think all we know is that it was a major hack, we don't know how ....

 

[Rob]

I am assuming the attack vector was vBulletin itself since the same people have hacked many other vbulletin boards, including thestudentrooms. From their twitter, many other boasts are aimed at forum based sites.

In their announcement, they say, and I quote

We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.

Note, they dont say they are reinstalling Linux or anything else. Reading between the lines of their announcement, I'd wager a large bet that vBulletin was the vector.

 

[Slavik]

This has been discussed in several other threads, and closed for the same reason.