Ubuntu Forums Hacked

If you are a user of Ubuntu, the most popular Linux distribution in the world, than you might have heard that Ubuntu Forums got Hacked.  Canonical, the company behind Ubuntu, sent out an email to all users of Ubuntu Forums.  Here is the entire email in case you are a member of Ubuntu Forums and have not received it yet;

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

If you have an account with Ubuntu Forums and use the same password for the email account associated with Ubuntu Forums, like they said, I would highly recommend changing those.  If this hacker team (this is my assumption) was good enough to hack Ubuntu Forums I am fairly certain they are knowledgeable enough to solve the salted hashes.  Who knows what they plan to do with all the data anyway.

Currently UbuntuForums.org is still down and Canonical is working on getting it back up.  If you visit the domain here you will see this simple HTML page with information of what Canonical knows and a progress report of of what they are doing to get the site back up and fix the security breach.

ubuntu forums

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.

What we know

  • Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are stronglyencouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

No word on when Ubuntu Forums will be back up and running but hopefully it will be up again soon.  I assume for any Ubuntu users looking for help to problems this is quite an inconvenience but there are a number of tech and Linux forums you can use in the meantime while Ubuntu Forums is down.  You can also use IRC channels for to get help with Ubuntu issues.

I would imagine whatever security measures Canonical has for Ubuntu Forums they must be pretty good.  If Ubuntu Forums can get hacked I thinks that means a lot of companies forums could get hacked.