Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Ubuntu Forums Database HackedUbuntu Forums Database Hacked
Canonical probe reveals user account details of 2 million stolen, passwords safe.
Dark Reading Staff
July 19, 2016
1 Min Read
Ubuntu Forums’ database was recently discovered hacked after Canonical, the company behind Ubuntu, was alerted that someone claimed to have a copy of the Forums database. An investigation revealed that a security breach had exposed usernames, email, and IP addresses for 2 million users. Passwords, however, were not accessed.
Canonical explained in a blog: "No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted)."
The company further explained that the breach was due to a SQL injection vulnerability in the platform which powers the forum and which had not been patched.
“The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers…. This gave them the ability to read from any table, but we believe they only ever read from the ‘user’ table,” says Canonical.
The website was shut down as a precautionary measure and the server wiped clean and rebuilt.
Read more details here.
About the Author(s)
You May Also Like
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023
Events
