Ubuntu Forum Hacked; 1.8 Million Accounts Compromised

22 July 2013

On Saturday, Canonical – which looks after the Ubuntu Linux user forum – received reports of a site defacement. Within four minutes it had taken the Ubuntu Forums site off-line to investigate what turns out to be a major hack.

The defacement was only online for a few minutes, but long enough for it to be captured: a gun-toting penguin that seems to be saying the hack was performed by @Sputn1k. A message beneath the image states, "None of this 'y3w g0t haxd by albani4 c3bir 4rmy' stuff. Straight up, you dun goofed. It's as simple as that."

Sputn1k, however, is not very popular. "You must feel proud defacing a site by volunteers. They dedicate time and effort to make a free distro. Worst kind of 'hacker'" tweeted Alex. "This jerk took down the Ubuntu Forums, one of the most important resources on the web. Let's hope he gets what's coming to him" tweeted Kim Belding.

Sputn1k himself has just three tweets on his own account, the latest of which simply reads, "Sputn1k beging for mercy #lulz."

The message from Canonical replacing the defacement provides further information. The message is still there at the time of writing this report. "Unfortunately", it says, "the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database." It adds that the passwords "are not stored in plain text, they are stored as salted hashes."

It doesn't say how many passwords have been stolen. The Register comments, "a quick trip to the site through the wayback machine produces a page stating the site has 1,824,159 members, of whom 19,493 are classified as 'active.'"

That's a lot of passwords, and undoubtedly it includes a lot of weak passwords and a lot of passwords that are reused on other accounts. Salting defeats precomputed lookup tables, but it does not stop an attacker from guessing each stolen hash in turn from a list of common passwords, so despite the hashing and salting the weak passwords will be cracked easily. And where those cracked passwords are used on other accounts, those accounts will be compromised too. "If you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP," warns Canonical.
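An added illustration of that point, not from the article or from Canonical: the forum's actual hash scheme is not stated, so a single salted SHA-256 is assumed as the weak storage scheme and salted PBKDF2 as the hardened alternative; the account list and the wordlist are constructed. The audit function counts how many stored hashes fall to the wordlist under each scheme and how long that takes, which is the check a site operator would run on their own database.

```python
import hashlib
import os
import time

# Constructed sample data: a handful of forum accounts, three with weak
# passwords and one with a strong one. Not real credentials.
ACCOUNTS = [("alice", "password"), ("bob", "ubuntu"),
            ("carol", "T7#vq9!LmZ2pW"), ("dave", "123456")]
WORDLIST = ["password", "123456", "ubuntu", "letmein", "qwerty"]
PBKDF2_ROUNDS = 100_000  # assumed work factor for the hardened scheme


def fast_salted_hash(password: str, salt: bytes) -> bytes:
    """Assumed weak scheme: one fast hash per guess. The salt defeats
    precomputed tables, but each guess still costs only one SHA-256."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_salted_hash(password: str, salt: bytes) -> bytes:
    """Hardened scheme: salted PBKDF2-HMAC-SHA256, so every guess costs the
    attacker PBKDF2_ROUNDS hash computations instead of one."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_dump(accounts, hash_fn):
    """Build the constructed 'leaked' table of (username, salt, hash)."""
    dump = []
    for user, pw in accounts:
        salt = os.urandom(16)          # per-user random salt
        dump.append((user, salt, hash_fn(pw, salt)))
    return dump


def audit_dump(dump, hash_fn, wordlist=WORDLIST):
    """Operator-side audit: which accounts fall to the wordlist, and how
    long the audit took. Returns (cracked_usernames, seconds)."""
    start = time.perf_counter()
    cracked = []
    for user, salt, digest in dump:
        if any(hash_fn(guess, salt) == digest for guess in wordlist):
            cracked.append(user)
    return cracked, time.perf_counter() - start


if __name__ == "__main__":
    for name, fn in (("fast SHA-256", fast_salted_hash), ("PBKDF2", slow_salted_hash)):
        users, secs = audit_dump(make_dump(ACCOUNTS, fn), fn)
        print(f"{name}: cracked {users} in {secs:.3f}s")
```

The same weak accounts fall under both schemes; the difference is the cost per guess, which the slow scheme multiplies by the work factor for every one of the forum's 1.8 million hashes.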

But even without cracking the passwords, Graham Cluley sees another threat. The attackers have the email addresses of users known to have an interest in Ubuntu. That is enough for a spam campaign, but "perhaps even launching a carefully-crafted attack designed to pique the interest of Ubuntu lovers." Victims of this hack should therefore also beware of Ubuntu-themed phishing emails.
