Ubuntu Forums Attacked, 1.8 Million Users' Data Exposed
[Image: an image that was posted on the Ubuntu Forums website July 20, 2013. Credit: Public domain]
The usernames, passwords and email addresses of the Ubuntu Forums' more than 1.8 million users were exposed in a cyberattack that defaced the site's homepage Saturday (July 20) and caused administrators to temporarily suspend operations.
Canonical, the London-based company that develops the free Ubuntu Linux open-source operating system and maintains the Ubuntu Forums, told tech blog Ars Technica that the passwords had been protected using a "salted" variant of the MD5 hashing algorithm.
Ars Technica writer Dan Goodin pointed out that while anything would be better than storing passwords in plaintext, MD5 is no longer considered secure, even when salted with random data to slow down brute-force cracking.
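The point about salted MD5, as an added example that is not from the article or from Canonical: a salt forces each hash to be attacked separately but adds no cost per guess, whereas a key-derivation function with a work factor does. The `md5(salt + password)` layout, the record format and the 600,000-iteration setting are assumptions; the article does not say how the forum combined salt and password.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def md5_salted(password: str, salt: bytes) -> str:
    """Weak scheme: a single MD5 call over salt + password (assumed layout)."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def pbkdf2_store(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False
    return hmac.compare_digest(dk.hex(), hash_hex)


def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock time of one call to fn over the given number of rounds."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times costlier one PBKDF2 guess is than one salted-MD5 guess."""
    salt = os.urandom(16)
    pw = "constructed-sample"  # constructed test value, not a real credential
    md5_cost = seconds_per_guess(lambda: md5_salted(pw, salt), 20_000)
    kdf_cost = seconds_per_guess(lambda: hashlib.pbkdf2_hmac(
        "sha256", pw.encode(), salt, PBKDF2_ITERATIONS), 2)
    return kdf_cost / md5_cost
```

Calling `cost_ratio()` on the machine that will do the verifying shows how much per-guess work the iteration count adds over the single MD5 call.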
For its part, Canonical was quick to alert the Ubuntu Forums' users about the breach with a posting on the site's front page. The company advised users to take immediate action to mitigate any further potential damage to any of their online accounts.
"Good practice dictates that users should assume the passwords have been accessed and change them," Canonical CEO Jane Silber wrote in a posted statement. "If users used the same password on other services, they should immediately change that password."
"The forums site will remain down until we can safely bring it up, and updates will be posted to the ubuntuforums.org page as they are available," Silber added.
"We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue," she said. "Once the investigation is concluded, we will provide as much detail as we safely can."
Adding insult to injury, the hacker or hackers splashed their own logo and Internet handle, @Sputn1k, over the Ubuntu homepage.
"None of this 'y3w g0t haxd by albani4 c3bir army' stuff. Straight up. you dun goofed. It's as simple as that," the attacker's message said.
As of Monday (July 22), the Ubuntu Forums site was still down. Until it's back up, Ubuntu users can get tech support from the official Ubuntu Help pages.