I wrote a blog post on Linux only yesterday, and there is already more news of obvious incompetence in the Linux world. The forums of Ubuntu, the most popular Linux distribution, have been hacked. Currently there is an announcement with the following message:
Ubuntu Forums is down for maintenance
There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
What we know
- Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
- The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
- Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
2013-07-20 2011UTC: Reports of defacement
2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
The site was also defaced with the following page, by someone calling himself @Sputn1k_:
Apparently the hacker was able to exploit an older version of vBulletin. If the largest distributor of Linux is not even capable of keeping up with security patches for its own forum, that is a bad sign. Perhaps they just thought they were secure because they were running Linux? I thought that myth was already busted. Oh well…