UPDATED 14:26 EST / JULY 18 2016


Ubuntu Forums data breach exposes 2 million users

Ubuntu aficionados beware, as a data breach of the Ubuntu Forum has resulted in the leak of information for two million users. It should be noted that the breach has not hit Canonical Ltd., which runs the Ubuntu operating system, but rather the forum, so other services are still safe.

The notice from Canonical explains that the breach was made possible through an SQL injection vulnerability in the forum’s Forumrunner add-on, which had not been patched. By injecting certain formatted SQL into the forum database, the hacker could then reach any table, particularly the “user” table.

From there, the hacker could access the usernames, email addresses, and IP addresses for the forums 2 million users. However, no passwords were accessed, as the forum uses Ubuntu Single Sign On for logins; the only “passwords” the hacker could get were hashed and salted random strings, which will serve no purpose.

Additionally, the hacker was unable to access any Ubuntu code repository or update mechanisms. Canonical also believes that the hacker couldn’t get past remote SQL read access, gain remote SQL write access, or gain shell access on any of the Forums app or, database servers, or front end servers.

Still, an attack is an attack, and Canonical has acted quickly to respond. All the servers have been backed up, wiped clean, and rebuilt. All system and database passwords have also been reset. vBulletin, which the forum uses, was brought to the latest patch level, and new steps are being undertaken to ensure that all security patches are applied immediately. Last but not least, Canonical installed a new Web Application Firewall, ModSecurity, in order to protect the forum further.

This is not the first time Ubuntu Forums have been affected by a data breach, as Breachful and The Hacker News note that a similar attack happened in July 2013. The recurring attacks are a reminder to constantly be up to date on security features, as a single missed update gave the hacker the opportunity to take the forum’s data.

Image by fsse8info

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.