Linux OS Ubuntu's Forums Hacked, 2 Million Users' Data Stolen

Canonical recently announced that the official Ubuntu forum has been hacked, and users are advised to change their login credentials immediately. The hack affected nearly 2 million users, since the attackers gained access to the forum's database.


Canonical, the company behind the development of Ubuntu, the most popular Linux distribution, has announced that the official Ubuntu forum has been hacked, and it is now known that two million accounts have been compromised. The compromised data contains IP addresses, usernames, and email addresses.

The attackers got into the forum through a security flaw: the site was insufficiently protected against SQL injection attacks. SQL injection means introducing SQL commands into the site so that they run against its database. In this way, the attackers gained access to the site’s user table, which contains all the information about the forum users.
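The difference between a query that is open to this kind of injection and one that is not can be shown in a few lines. This is an added example, not code from Canonical, the forum software or Forumrunner: the table layout, the sample rows and the function names are constructed for illustration, and SQLite stands in for the forum's real database.

```python
import sqlite3

# Constructed input: a "username" that contains SQL syntax.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    """Build an in-memory stand-in for the forum's "user" table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "user" (username TEXT, email TEXT, ip TEXT)')
    db.executemany(
        'INSERT INTO "user" VALUES (?, ?, ?)',
        [
            ("alice", "alice@example.com", "192.0.2.10"),
            ("bob", "bob@example.com", "192.0.2.11"),
            ("carol", "carol@example.com", "192.0.2.12"),
        ],
    )
    return db

def lookup_vulnerable(db, username):
    # Vulnerable: the request value is pasted into the SQL text, so any
    # quote characters in it are parsed as SQL instead of as data.
    sql = ('SELECT username, email, ip FROM "user" '
           "WHERE username = '" + username + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Hardened: the value is bound to a placeholder and is never parsed
    # as SQL, whatever characters it contains.
    sql = 'SELECT username, email, ip FROM "user" WHERE username = ?'
    return db.execute(sql, (username,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", CRAFTED):
        print(repr(name))
        print("  concatenated :", len(lookup_vulnerable(db, name)), "row(s)")
        print("  parameterized:", len(lookup_parameterized(db, name)), "row(s)")
```

With the concatenated query the crafted value returns every row of the table, while the parameterized query treats it as an unknown username and returns nothing.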

Jane Silber, CEO of Canonical, spoke for the company and apologized, saying the following:

“There has been a security breach on the website of the Ubuntu forums. We take the information security and privacy of users very seriously, follow a strict set of security practices, and this incident has started a thorough investigation. Corrective measures have already been taken and service to the forums has been fully restored. In the interest of transparency, we will share all the details of the security breach and the measures taken. We apologize for the security breach and for any inconvenience caused.”

Later, Jane Silber explained: “After an initial investigation, we can confirm that there has been an exposure of data and have closed the forums as a precaution. On further investigation, we have found that there was a known SQL injection vulnerability in the Forumrunner supplement that had not been patched yet.”

In keeping with its intention to offer full transparency, Canonical has also published what the attackers managed to access and what they did not.

Attackers managed to access:
- The attackers were able to inject formatted SQL into the forums database on the database server. This gave them the ability to read any table, but Canonical believes they were only able to read the “user” table.
- The attackers used this access to download portions of the user table containing the usernames, email addresses and IP addresses of 2 million users. No access to the passwords was detected; they are stored in this table as strings of random characters because the Ubuntu forums rely on Ubuntu Single Sign On for access, so the attackers could only have obtained these strings, to which hashing and salting had been applied.

Attackers failed to access:
- Canonical knows that the attackers were unable to access any of the major Ubuntu repositories or the update mechanism.
- Canonical knows that the attackers did not gain access to valid user passwords.
- Canonical believes that the attackers were not able to escalate beyond remote SQL read access to the forums database on the forums database server.
- Canonical believes that the attackers were unable to gain remote SQL write access to the forums database.
- Canonical believes that the attackers were not able to gain shell access on any of the forum application servers or database servers.
- Canonical believes that the attackers were not able to gain any access at all to the forum's front-end servers.
- Canonical believes that the attackers were not able to access any other Canonical or Ubuntu service through this attack.

According to the information provided by Canonical so far, the users’ passwords have not been compromised. Even so, it would be advisable to change the password used for the Ubuntu forums on the forums and on every other website where it is used.

This is not the first attack on the Ubuntu forums: in 2013 they were the victim of another attack in which a similar number of accounts were compromised, but with more serious consequences because the passwords were not secured as they should have been.
