Ubuntu Forums Hacked

Ubuntu’s official forum web site (ubuntuforums.org) was hacked and defaced, and every username and password was stolen. The forum was very popular, with over 1.8 million registered users. The site is now disabled with this warning:

What we know:

-Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.

-The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.

The site was running vBulletin and according to some sources, it was outdated and didn’t have the admin panel protected. During the time it was defaced, it was redirecting to “ubuntuforums.org/signaturepics/Sput.html”, which had this image:

[Image: Ubuntu forums hacked]

Size of the attack and consequences

The Ubuntu forum was very large, with over 1,800,000 registered members. Even though the passwords were not stored in plain text, they should be considered compromised and known to the attackers. And since the site used vBulletin, it is likely that they were hashed with plain MD5, which makes the job a lot easier for the attackers.
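To make the point about MD5 concrete, here is an added example (not code from the article, Sucuri, or vBulletin) that stores the same constructed set of accounts two ways: with unsalted MD5, as the article suspects the forum did, and with a per-user salted, iterated PBKDF2-HMAC-SHA256 from Python's standard library. With unsalted MD5 every user who picked the same password gets the same hash, so one precomputed lookup answers for all of them; with a random salt per user the stored records differ even when the passwords are identical. The account names, passwords and iteration count are assumptions for the demo.

```python
"""Added example (not from the Sucuri article): why unsalted MD5 password
storage means a leaked database should be treated as compromised, and what
a per-user-salted, iterated scheme (PBKDF2-HMAC-SHA256 from the standard
library) changes. All account data below is constructed for the demo."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Work factor for PBKDF2; an assumed value in the range current guidance
# recommends, not a number from the article.
ITERATIONS = 600_000


def md5_store(password: str) -> str:
    """Legacy scheme the article suspects: one unsalted MD5 per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None,
                 iterations: int = ITERATIONS) -> str:
    """Salted, iterated storage: 'pbkdf2_sha256$<iters>$<salt hex>$<hash hex>'.
    A fresh random salt per user means equal passwords no longer produce
    equal records, so a precomputed table cannot be reused across users."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_hash_groups(records: Dict[str, str]) -> List[List[str]]:
    """Audit helper: users whose stored records are byte-for-byte identical.
    Under unsalted MD5 every reused password shows up here, and one hash
    lookup answers for the whole group; under salted storage the result is
    empty even when passwords are reused."""
    by_hash: Dict[str, List[str]] = {}
    for user, record in records.items():
        by_hash.setdefault(record, []).append(user)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


# Constructed sample accounts; alice and bob reuse the same weak password.
SAMPLE_ACCOUNTS = {"alice": "ubuntu123", "bob": "ubuntu123", "carol": "Tr0ub4dor&3"}


def audit(accounts: Dict[str, str]) -> dict:
    """Store the same accounts both ways and report duplicate groups.
    The PBKDF2 iteration count is reduced here only to keep the demo fast."""
    md5_db = {u: md5_store(p) for u, p in accounts.items()}
    pbkdf2_db = {u: pbkdf2_store(p, iterations=10_000) for u, p in accounts.items()}
    return {
        "md5_duplicates": shared_hash_groups(md5_db),
        "pbkdf2_duplicates": shared_hash_groups(pbkdf2_db),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS))
```

Running `audit` on the sample reports `alice` and `bob` as a duplicate group under MD5 and nothing under PBKDF2. The audit is something a site operator can run against their own user table before a breach; the fact that the duplicate groups are visible at all is the reason a dump of unsalted hashes has to be treated as a dump of passwords.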

If you have an account there and you use the same password somewhere else, please change the password ASAP.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • sarankumar

    Thanks for the info

  • LOL

    LOL

  • Adeel Sami

    Wow, I am just amazed what they do with the sites that have no payment/cc info. Thanks Sucuri for the information !

    • Chad Taljaardt

      Most people use the same passwords for everything, so that means if they have your email address and password they can simply do a search for your accounts online with your email address, then log in with your password. They can use Sentry MBA with a PayPal script to try to log into PayPal with email:password combinations. I've seen people get into roughly 400 PayPal accounts with a database of 20,000 users.

      Ratio = 20,000:400

      Ubuntu forum

      Ratio = 1,800,000: (you see what I'm getting at here)
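The comment thread above describes credential stuffing: replaying leaked email:password pairs against another service. From the defender's side the pattern is visible in authentication logs, and the following added example (not from the article or any commenter) shows the check over a constructed set of log lines. The log format, the addresses and the thresholds are assumptions for the demo; the signature is one client address trying many distinct accounts with mostly failures, which a legitimate user who mistypes once and then succeeds does not produce.

```python
"""Added example (not from the article or the commenter): a defender-side
check for the credential-stuffing pattern described in the comments, run
over constructed authentication log lines."""
import re
from typing import Dict, List

# Constructed log format, assumed for the demo: timestamp, client IP, account, result.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+ip=(?P<ip>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>ok|fail)$"
)

# Constructed sample: 203.0.113.7 works through a list of leaked accounts;
# 198.51.100.4 is a legitimate user who mistypes once and then logs in.
SAMPLE_LOG = """\
2013-07-20T10:00:01Z ip=203.0.113.7 user=a@example.org result=fail
2013-07-20T10:00:02Z ip=203.0.113.7 user=b@example.org result=fail
2013-07-20T10:00:02Z ip=203.0.113.7 user=c@example.org result=fail
2013-07-20T10:00:03Z ip=203.0.113.7 user=d@example.org result=ok
2013-07-20T10:00:03Z ip=203.0.113.7 user=e@example.org result=fail
2013-07-20T10:00:04Z ip=203.0.113.7 user=f@example.org result=fail
2013-07-20T10:00:05Z ip=198.51.100.4 user=alice@example.org result=fail
2013-07-20T10:00:09Z ip=198.51.100.4 user=alice@example.org result=ok
2013-07-20T10:00:11Z ip=203.0.113.7 user=g@example.org result=fail
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse lines matching LOG_LINE; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def source_stats(events: List[Dict[str, str]]) -> Dict[str, dict]:
    """Per client address: attempt count, distinct accounts tried, successes."""
    stats: Dict[str, dict] = {}
    for e in events:
        s = stats.setdefault(e["ip"], {"attempts": 0, "users": set(), "successes": 0})
        s["attempts"] += 1
        s["users"].add(e["user"])
        if e["result"] == "ok":
            s["successes"] += 1
    return stats


def flag_credential_stuffing(events: List[Dict[str, str]],
                             min_distinct_users: int = 5,
                             max_success_rate: float = 0.25) -> Dict[str, dict]:
    """Return sources that tried at least `min_distinct_users` different
    accounts with a success rate at or below `max_success_rate`. Both
    thresholds are assumed starting points, not values from the article."""
    flagged = {}
    for ip, s in source_stats(events).items():
        rate = s["successes"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and rate <= max_success_rate:
            flagged[ip] = {"attempts": s["attempts"],
                           "distinct_users": len(s["users"]),
                           "successes": s["successes"]}
    return flagged


if __name__ == "__main__":
    for ip, info in flag_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

On the sample the single flagged source is `203.0.113.7`, with seven distinct accounts tried and one success; the one account that did succeed from a flagged source is the one to force a password reset on, since a correct password from such a source most likely came from a leaked database rather than from its owner.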