Sucuri Blog

Website Security News

Ubuntu Forums Hacked

Ubuntu’s official forum web site (ubuntuforums.org) was hacked, defaced and all user names and
passwords stolen. The forum was very popular with over 1.8 million registered users. The site is now disabled with this warning:

What we know:

-Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.

-The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.

The site was running vBulletin and according to some sources, it was outdated and didn’t have the admin panel protected. During the time it was defaced, it was redirecting to “ubuntuforums.org/signaturepics/Sput.html”, which had this image:

Ubuntu forums hacked

Size of the attack and consequences

The Ubuntu forum was very large with over 1,800,000 registered members. Even though the passwords were not stored in plain text, they should be considered compromised and known by the attackers. And since the site used vBulletin, it is likely that they were just hashed with md5, which makes the job a lot easier to the attackers.

If you have an account there and you use the same password some where else, please
change the password asap.

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  3. Adeel Sami

    Wow, I am just amazed what they do with the sites that have no payment/cc info. Thanks Sucuri for the information !

    • Chad Taljaardt

      Most people use the same passwords for everything, so that means if they have your email address and password they can simply do a search for your accounts online with your email address then log in with your password. They can use Sentry MBA with a paypal script to try log into paypal with email:password combinations. Ive seen people get into roughly 400 paypal accounts with a database of 20,000 users

      Ratio = 20,000:400

      Ubuntu forum

      Ratio = 1,800,000: (you see what im getting at here)

  4. Tuga

    I have been hacked for 3 years now. Tgis time the system does not recognize commands like rm . i have also lost WiFi. Can you help?

  5. Tuga

    And i cant download anything from the manager cós it comes with virusus. Ive looked with passwd the root but not really sure thats working. Hope u can help me. Thanks so much.