Author

Topic: [Breaking] Ubuntu forums hacked, usernames, email and encrypted passwords stolen (Read 1334 times)

sr. member
Activity: 392
Merit: 250
♫ A wave came crashing like a fist to the jaw ♫
http://ubuntuforums.org/announce.html

Quote
Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.
What we know

    Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
    The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
    Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Progress report

    2013-07-20 2011UTC: Reports of defacement
    2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
    2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
    2013-07-22: work on reinstalling the forums continues.

If you're using Ubuntu and need technical support please see the following page for support:

    Finding Help.

If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:

    The Ubuntu subreddit
    The Ubuntu Community on Google+
    Ubuntu Discourse

sr. member
Activity: 392
Merit: 250
♫ A wave came crashing like a fist to the jaw ♫
Quote
Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.
Jump to: