Ubuntu Forums security breach - gHacks Tech News


Canonical announced today that it detected a security breach on the Ubuntu Forums site. The company has since taken corrective action and restored the forums service.

According to the company, it became aware of the breach on July 14, 2016 after a member of the Ubuntu Forums Council informed the company that someone claimed to have a copy of the Forums database.

Canonical confirmed the breach shortly thereafter and discovered that the attacker used a SQL injection vulnerability to gain access to the Forums database.

It believes that the attacker managed to dump a portion of the users table of the forum. This table contains usernames, email addresses and IP addresses for the two million users of the forum.

Passwords were not accessed, but the encrypted strings used for Ubuntu Single Sign On logins were. The attacker did download these strings, which were hashed and salted according to Canonical.

The attacker did not manage to gain access to Ubuntu code, repository, or update mechanisms. Also, the attacker did not gain access to valid user passwords, as they were not stored in that database.

There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologise for the breach and ensuing inconvenience.

Canonical performed cleanup and hardening operations. First, it backed up the servers running the vBulletin software, then wiped them clean and rebuilt them from the ground up. It updated the forum software to the latest patch level, and reset all system and database passwords.

It also installed ModSecurity on the server, which protects it from certain kinds of attacks, and improved its monitoring of vBulletin to "ensure that security patches are applied promptly".

This reads as if the vBulletin forum software was not fully patched even though it could have been, and that this resulted in the successful attack against the forum software.

The good news is that passwords were not stolen. Affected forum members need to be aware that the attacker, or someone buying the database dump, could still use the information for attacks.

Possible scenarios include phishing emails, social engineering, and brute force attacks against popular services on the Internet using the email address in question.

Now You: What would you do if you were affected by the hack?


Comments

    1. dev said on July 15, 2016 at 8:12 pm

      at that time did they use vbulletin too? once more for hat trick

  1. Martin Brinkmann said on July 15, 2016 at 8:58 pm

    In other news, Trillian forum got hacked as well: https://www.trillian.im/help/trillian-blog-and-forums-security-incident/

    1. Anonymous said on July 15, 2016 at 9:38 pm

      I wasn’t aware that Trillian still exists! :)

      1. George said on July 19, 2016 at 11:14 pm

        Of course and it’s still great. A new version (v6) has just been released.

  2. Maou said on July 16, 2016 at 2:10 am

    Hey Martin, not related but can we have Ghacks in SSL ? :)

    1. beemeup4 said on July 16, 2016 at 11:47 pm

      HTTPS is for when you need to send and receive private information. Why would ghacks need it? Setting up a certificate (and making sure it’s working properly) is also the most difficult thing a site owner would ever have to do.

      1. ilev said on July 17, 2016 at 7:53 am

        Every Internet connection should mandatorily be encrypted.

      2. Jason said on July 17, 2016 at 3:24 pm

        @ilev: I agree with that sentiment. The more widespread HTTPS is, the harder MitM attacks will be against the average user who is not savvy enough to have a VPN. But I wouldn’t mandate HTTPS; that’s going too far.
