Ubuntu Forums Database HackedUbuntu Forums Database Hacked
Canonical probe reveals user account details of 2 million stolen, passwords safe.
July 19, 2016
Ubuntu Forums’ database was recently discovered hacked after Canonical, the company behind Ubuntu, was alerted that someone claimed to have a copy of the Forums database. An investigation revealed that a security breach had exposed usernames, email, and IP addresses for 2 million users. Passwords, however, were not accessed.
Canonical explained in a blog: "No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted)."
The company further explained that the breach was due to a SQL injection vulnerability in the platform which powers the forum and which had not been patched.
“The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers…. This gave them the ability to read from any table, but we believe they only ever read from the ‘user’ table,” says Canonical.
The website was shut down as a precautionary measure and the server wiped clean and rebuilt.
Read more details here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Supply Chain Cyber Risk Management Whitepaper