Ubuntu forum hack details start to emerge

Updated: Discussion board taken offline while Canonical claims it is getting closer to identifying root cause of hack.

Canonical claims to have found the root cause of the security breach that reportedly led to millions of Ubuntu Forum users having their email addresses and passwords compromised.

The Ubuntu developer took the web forum, which is used by people who want to discuss the workings of the Linux-based operating system, offline on Saturday.

This followed a defacement of the forum by hackers, who gained access to every member's email address, hashed password and username.

At the time of writing, the site was still down, but a holding page set up to alert forum users about the breach claims the firm is getting closer to revealing how the hackers accessed its systems.

"We believe the root cause of the breach has been identified [and] we are currently reinstalling the forums software from scratch," the holding page states.

"No data (posts, private messages, etc.) will be lost as part of this process."

Canonical CEO Jane Silber advised users in a blog post dated 21 July to assume their passwords have been accessed and to change them.

She also confirmed the company has started notifying affected users by email, and at this time has no reason to believe the hackers accessed other Ubuntu or Canonical sites or services.

"We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue," she said.

"Once the investigation is concluded, we will provide as much detail as we safely can."

According to reports, around 1.8 million users are thought to have been affected by the breach.  

Graham Cluley, former Sophos senior technology consultant and independent IT security expert, said the hackers could have accessed the site in several ways.

"It's possible the administrators of Ubuntu Forums weren't doing a great job at keeping their forum and server software up-to-date and this could have allowed the hackers to exploit a vulnerability," he offered in a post on his website.

He also claimed the breach could leave users at risk of account hacking and spam emails.

However, Conrad Constantine, an Ubuntu Forums member and research engineer at security vendor AlienVault, said he was happy with Canonical's handling of the breach.

"Ubuntu did its part (making sure the impact of the password database being stolen is minimised, via salted, hashed entries), [and] I've done my part (making sure that I don't use the same credentials for a lower-security site like the Ubuntu Forums, on a higher security site, like my online banking)," he said.

"It's really not hard, when both sides of an arrangement live up to their security obligations to make things very difficult for the bad guys out there," he added.

*This article was originally posted on 22 July, and updated today to reflect new information about the Ubuntu hack.
