UPDATED 14:26 EDT / JULY 18 2016

NEWS

Ubuntu Forums data breach exposes 2 million users

Ubuntu aficionados beware, as a data breach of the Ubuntu Forum has resulted in the leak of information for two million users. It should be noted that the breach has not hit Canonical Ltd., which runs the Ubuntu operating system, but rather the forum, so other services are still safe.

The notice from Canonical explains that the breach was made possible through an SQL injection vulnerability in the forum’s Forumrunner add-on, which had not been patched. By injecting certain formatted SQL into the forum database, the hacker could then reach any table, particularly the “user” table.

From there, the hacker could access the usernames, email addresses, and IP addresses for the forums 2 million users. However, no passwords were accessed, as the forum uses Ubuntu Single Sign On for logins; the only “passwords” the hacker could get were hashed and salted random strings, which will serve no purpose.

Additionally, the hacker was unable to access any Ubuntu code repository or update mechanisms. Canonical also believes that the hacker couldn’t get past remote SQL read access, gain remote SQL write access, or gain shell access on any of the Forums app or, database servers, or front end servers.

Still, an attack is an attack, and Canonical has acted quickly to respond. All the servers have been backed up, wiped clean, and rebuilt. All system and database passwords have also been reset. vBulletin, which the forum uses, was brought to the latest patch level, and new steps are being undertaken to ensure that all security patches are applied immediately. Last but not least, Canonical installed a new Web Application Firewall, ModSecurity, in order to protect the forum further.

This is not the first time Ubuntu Forums have been affected by a data breach, as Breachful and The Hacker News note that a similar attack happened in July 2013. The recurring attacks are a reminder to constantly be up to date on security features, as a single missed update gave the hacker the opportunity to take the forum’s data.

Image by fsse8info

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU