• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Ubuntu Forums Hacked

July 21, 2013David Dede

0
SHARES
FacebookTwitterSubscribe

Ubuntu’s official forum web site (ubuntuforums.org) was hacked, defaced and all user names and
passwords stolen. The forum was very popular with over 1.8 million registered users. The site is now disabled with this warning:

What we know:

-Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.

-The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.

The site was running vBulletin and according to some sources, it was outdated and didn’t have the admin panel protected. During the time it was defaced, it was redirecting to “ubuntuforums.org/signaturepics/Sput.html”, which had this image:

Ubuntu forums hacked

Size of the attack and consequences

The Ubuntu forum was very large with over 1,800,000 registered members. Even though the passwords were not stored in plain text, they should be considered compromised and known by the attackers. And since the site used vBulletin, it is likely that they were just hashed with md5, which makes the job a lot easier to the attackers.

If you have an account there and you use the same password some where else, please
change the password asap.

0
SHARES
FacebookTwitterSubscribe

Categories: Security AdvisoryTags: Hacked Websites

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. sarankumar

    July 21, 2013

    Thanks for the info

  2. LOL

    July 21, 2013

    LOL

  3. Adeel Sami

    July 21, 2013

    Wow, I am just amazed what they do with the sites that have no payment/cc info. Thanks Sucuri for the information !

    • Chad Taljaardt

      July 21, 2013

      …

      Most people use the same passwords for everything, so that means if they have your email address and password they can simply do a search for your accounts online with your email address then log in with your password. They can use Sentry MBA with a paypal script to try log into paypal with email:password combinations. Ive seen people get into roughly 400 paypal accounts with a database of 20,000 users

      Ratio = 20,000:400

      Ubuntu forum

      Ratio = 1,800,000: (you see what im getting at here)

  4. Tuga

    May 8, 2016

    I have been hacked for 3 years now. Tgis time the system does not recognize commands like rm . i have also lost WiFi. Can you help?

  5. Tuga

    May 8, 2016

    And i cant download anything from the manager cós it comes with virusus. Ive looked with passwd the root but not really sure thats working. Hope u can help me. Thanks so much.

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.