Ubuntu Forums security breach

Martin Brinkmann
Jul 15, 2016

Canonical announced today that it detected a security breach on the Ubuntu Forums site. The company has since then taken corrective actions and restored the forums service.

According to the company, it became aware of the breach on July 14, 2016 after a member of the Ubuntu Forums Council informed the company that someone claimed to have a copy of the Forums database.

Canonical confirmed the breach shortly thereafter and discovered that the attacked used a SQL injection vulnerability to gain access to the Forums database.

It believes that the attacker managed to dump a portion of the users table of the forum. This table contains usernames, email addresses and IP addresses for the two million users of the forum.

Passwords were not accessed, but encrypted Ubuntu Single Sign On for logins were. The attacker did download these strings which were hashed and salted according to Canonical.

The attacker did not manage to gain access to Ubuntu code, repository, or update mechanisms. Also, the attacker did not gain access to valid user passwords as they were not stored using that database.

There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologise for the breach and ensuing inconvenience.

Canonical performed cleanup and hardening operations. First, it backed up the servers running the vBbulletin software, then wiped them clean and rebuilt them from the ground up. It updated the forum software to the latest patch level, and reset all system and database passwords.

Also, it installed ModSecurity on the server which protects the server from certain kinds of attacks, and improved its monitoring of vBulletin to "ensure that security patches are applied promptly".

This reads as if the vBulletin forum software was not fully patched even though it could have been, and that this resulted in the successful attack against the forum software.

Good news is that passwords were not stolen. Affected forum members need to be aware that the attacker, or someone buying the database dump, could still use the information for attacks.

Possible scenarios include phishing emails, social engineering, and brute force attacks against popular services on the Internet using the email address in question.

Now You: What would you do if you'd be affected by the hack?

Ubuntu Forums security breach
Article Name
Ubuntu Forums security breach
Canonical announced today that it detected a security breach on the Ubuntu Forums site. The company has since then taken corrective actions and restored the forums service.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Maou said on July 16, 2016 at 2:10 am

    Hey Martin, not related but can we have Ghacks in SSL ? :)

    1. beemeup4 said on July 16, 2016 at 11:47 pm

      HTTPS is for when you need to send and receive private information. Why would ghacks need it? Setting up a certificate (and making sure it’s working properly) is also the most difficult thing a site owner would ever have to do.

      1. Jason said on July 17, 2016 at 3:24 pm

        @ilev: I agree with that sentiment. The more widespread HTTPS is, the harder MitM attacks will be against the average user who is not savvy enough to have a VPN. But I wouldn’t mandate HTTPS; that’s going too far.

      2. ilev said on July 17, 2016 at 7:53 am

        Every Internet connection should mandatory be encrypted.

  2. Martin Brinkmann said on July 15, 2016 at 8:58 pm

    In other news, Trillian forum got hacked as well: https://www.trillian.im/help/trillian-blog-and-forums-security-incident/

    1. Anonymous said on July 15, 2016 at 9:38 pm

      I wasn’t aware that Trillian still exists! :)

      1. George said on July 19, 2016 at 11:14 pm

        Of course and it’s still great. A new version (v6) has just been released.

    1. dev said on July 15, 2016 at 8:12 pm

      at that time did they use vbulletin too? once more for hat trick

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.