Ubuntu Forums Hacked! Here Is What Hacker Stole?

sohail
sohail

Table of Contents

The forums of the most popular Linux distributions, Ubuntu, was hacked. The news was reported yesterday by Jane Silber on Ubuntu insights. Although he has confirmed that not any password was hacked in the plain text, rather hashed and salted strings which are of no use for the hacker. But, the hacker successfully downloaded other users’ information.

​Ubuntu Forums Hacked!

The Ubuntu forum was hacked and the hacker downloaded 2 million users’ information from users table. Users passwords are also included in the hacked data but it’s useless for hacker. All passwords are hashed and salted in database so no account login can be processed but I still recommend to change password. Though other stuff like emails, usernames and IPs were hacked. Emails can be used to spam. If you’re Ubuntu forum user then from now on be extra careful when responding to any unknown email.

​Known SQL injection vulnerability caused this hack

As reported by Jane Silber that somebody claimed to have a copy of forum database. After the initial investigation, the team confirmed the breach and shut down the forum. The hack was done by a known SQL vulnerability –

“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.”

​Here is something more shocking for me!

I was more shocked when I read that the team did not detect any hack until the hacker himself claimed to have a copy of the forum database. They mentioned that as on 14th, July 2016, Canonical’s IS team was notified by a member of the Ubuntu Forum Council that someone was claiming to have a copy of forum database. I don’t know why but personally, I am more curious to know when the hack actually occurred. Well, I appreciate their policy of being transparent that they exposed this hack to us.

​Now things are working properly.

Servers have been backed up and extra security steps have been taken. The vulnerability that caused this hack has also been fixed. All the systems and database passwords have been reset. A web application firewall, ModSecurity is now helping prevent similar attacks.
They’ve also confirmed things that hacker was never able to have access —

  • We know the attacker was NOT able to gain access to any Ubuntu code repository or update mechanism.
  • We know the attacker was NOT able to gain access to valid user passwords.
  • We believe the attacker was NOT able to escalate past remote SQL read access to the Forums database on the Forums database servers.
  • We believe the attacker was NOT able to gain remote SQL write access to the Forums database.
  • We believe the attacker was NOT able to gain shell access on any of the Forums app or database servers.
  • We believe the attacker did NOT gain any access at all to the Forums front end servers.
  • We believe the attacker was NOT able to gain any access to any other Canonical or Ubuntu services.
Uncategorizednews
sohail

sohail

You might also like

Learning Through Play - CulinarySchools.org's Educational Games Members Public

When I first stumbled upon CulinarySchools.org, I was instantly drawn to its unique concept. This website not only serves as a resource for aspiring chefs and culinary students but also offers a collection of online games that provide a fun and educational experience. As someone who loves exploring food

sohail
sohail
review

Internxt - Zero-knowledge, secure Cloud storage with Linux Client Members Public

With the growing concerns about data breaches and unauthorized access and major cloud storage providers increasing cost and reducing transparency, it's difficult to find a cloud storage service that prioritizes user privacy. Today I will share with you the cloud storage service that deserves a try if you&

sohail
sohail
Reviews

Featured Posts

ChatGPT Alternatives: Exploring Free, Open-Source and Affordable AI Models

Authors →

sohail