2016-07-15



Ubuntu Forums has been hacked, again. Again, because Ubuntu Forums were hacked back in 2013 as well. Last time, around 1.8 million users were impacted; this time, over 2 million users have had their data stolen.

Unlike last time, users’ passwords are safe. However, users’ names, IP addresses and, most importantly, their email addresses have been stolen.

So if you were using Ubuntu Forums, get prepared for spam emails (a Nigerian prince is going to make you an offer you must refuse), as your email address will most likely be sold to various scammers.

How did it happen?

Canonical CEO Jane Silber revealed the details of the security breach in a blog post. If you follow hacking news and have an interest in hacking, you can probably guess the obvious culprit behind the forums hack.

Yes, you guessed it right! It was an SQL injection. For those who are not aware of it, SQL injection is one of the most common hacking techniques, used mostly against forum-like websites. SQL injection was the most used hacking technique in the year 2015.

According to Jane, “there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched”. As Ubuntu Forums uses Ubuntu Single Sign On for login, the passwords are safe.
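To make the mechanism concrete, here is an added example (written for this post; it is not the Forumrunner add-on, vBulletin or any Ubuntu Forums code) that puts the vulnerable pattern beside the hardened one. It uses an in-memory SQLite table with three constructed user rows; the table layout, the function names and the tampered input string are all assumptions for illustration. The vulnerable lookup splices the caller's input straight into the SQL text, so a crafted value changes the query's logic and the whole table comes back; the parameterized lookup sends the value separately as a bound parameter, so the same input matches nothing.

```python
import sqlite3

# Constructed sample rows standing in for a forum's user table
# (name, email and IP address, the fields the post says were stolen).
SAMPLE_USERS = [
    (1, "alice", "alice@example.org", "203.0.113.5"),
    (2, "bob", "bob@example.org", "198.51.100.7"),
    (3, "carol", "carol@example.org", "192.0.2.9"),
]


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, ip TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: untrusted input is concatenated into the SQL text,
    so the database cannot tell where the query ends and the data begins."""
    sql = "SELECT name, email, ip FROM users WHERE name = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened pattern: the query shape is fixed and the value is bound as a
    parameter, so it is only ever treated as data, never as SQL."""
    sql = "SELECT name, email, ip FROM users WHERE name = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a normal name and with a constructed tampered
    value, returning the row counts so the difference is easy to check."""
    conn = make_db()
    normal = "bob"
    # Constructed input: closes the string literal and appends an always-true clause.
    tampered = "x' OR '1'='1"
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_tampered": len(lookup_vulnerable(conn, tampered)),
        "parameterized_normal": len(lookup_parameterized(conn, normal)),
        "parameterized_tampered": len(lookup_parameterized(conn, tampered)),
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```

Running it shows the vulnerable lookup returning all three rows for the tampered input while the parameterized lookup returns none. The fix is the same in PHP, Python or any other language: never build query text from request data; use prepared statements or bound parameters throughout, and keep third-party add-ons patched, since a forum is only as safe as its least-maintained plugin.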

In fact, Canonical wasn’t even aware of this successful hack until someone started selling, or claiming to have, the Ubuntu Forums user database. Once alerted, they took swift action, and after the corrective actions were complete, full service of the Forums was restored.

What do we know about the Ubuntu Forums hack?

To give you the quick points about this hack and its details, I would summarize it as follows:

2 million users of Ubuntu Forums impacted

IP address and email address have been stolen by the hackers

Users’ passwords are safe

Ubuntu code repository and update mechanism are safe

Canonical ‘thinks’ that the attackers were NOT able to gain any access to any other Canonical or Ubuntu services

Vulnerability has been patched

Full service of the Ubuntu Forums has been resumed

How will Ubuntu Forums hack impact you?

If we go by Canonical’s words, your password is safe, but as your email address has been leaked, you should be extra cautious about the kind of emails you receive. Don’t open attachments from emails if you don’t know the sender, and don’t believe that you have won a lottery or that a Libyan aristocrat is willing to marry you.

You should also remain vigilant about other kinds of email phishing scams.

What do you think?

It was not long ago that we had the scare of the Linux Mint hack, and now Ubuntu has been targeted. As they say, “a chain is only as strong as its weakest link”, and this holds true for Ubuntu Forums, which were compromised because of an SQL injection vulnerability in a plugin.

Silly hacks like this (silly because SQL injection is the favorite weapon of even script kiddies) can only be avoided if proper security mechanisms are put in place. It’s good that Canonical used Single Sign On so the passwords are still safe, but better security around its web assets would be better for both Canonical’s reputation and users’ trust.

What do you think of the Ubuntu Forums hack?
