
Ubuntu forums breached

  • 21-07-2013 5:23pm
    #1
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭


    Ubuntu Forums is down for maintenance

    There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

    What we know

    Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
    The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
    Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
    Progress report

    2013-07-20 2011UTC: Reports of defacement
    2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
    If you're using Ubuntu and need technical support please see the following page for support:
    Finding Help.
    If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:

    The Ubuntu subreddit
    The Ubuntu Community on Google+
    Ubuntu Discourse

    link.

    Wonder what kind of hash it is. At least it's salted.


Comments

  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    It's a vBulletin forum so I'm guessing they are
    vBulletin Hashes - md5(md5($pass).$salt)

    They are not that difficult to crack depending on your setup. If the site admin has set up his own encryption then it could be much different, but most just leave vBulletin alone.


    http://www.insidepro.com/hashes.php


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    900913 wrote: »
    They are not that difficult to crack depending on your setup

    Yep. That's what's slightly concerning.

    I fully expect them to be leaked and then collectively cracked. Mine is in there. It's either weak as bejaysus (first pass), or pretty strong (would require brute force) but I can't remember which. It's a LOONNG time since I joined the ubuntu forums and I haven't gone on it since I moved to keepass.

    On the up side, we may get some new insight into passwords that people use.

    It may also push vbulletin to use a better hash.
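
Added example, not part of the thread and not vBulletin's or Canonical's code: one way a site storing the `md5(md5($pass).$salt)` scheme quoted above could move to "a better hash" without waiting for every user to log in, by wrapping each stored legacy digest in a slow KDF. The record layout, function names, iteration count and sample row are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def vb_legacy_hash(password, salt):
    """The scheme named in the thread: md5(md5($pass).$salt), hex digests."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def wrap_legacy(legacy_hex, wrap_salt=None, iterations=PBKDF2_ITERATIONS):
    """Upgrade a stored legacy digest without knowing the password.

    The fast MD5 digest becomes the input to PBKDF2-HMAC-SHA256, so each
    guess against a stolen table costs `iterations` HMAC rounds.
    """
    wrap_salt = wrap_salt or os.urandom(16)  # new per-user random salt
    dk = hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"),
                             wrap_salt, iterations)
    # Hypothetical record layout; the legacy digest itself is not kept.
    return {"scheme": "pbkdf2-over-vb", "wrap_salt": wrap_salt,
            "iterations": iterations, "hash": dk}


def verify(password, vb_salt, record):
    """Check a login attempt against an upgraded record."""
    legacy = vb_legacy_hash(password, vb_salt)
    dk = hashlib.pbkdf2_hmac("sha256", legacy.encode("ascii"),
                             record["wrap_salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])  # constant-time compare


def demo():
    # Constructed sample row: (username, legacy salt, legacy digest).
    user, vb_salt = "example_user", "x7Q"
    legacy = vb_legacy_hash("correct horse battery", vb_salt)
    record = wrap_legacy(legacy)  # batch step, run once per stored row
    return (user,
            verify("correct horse battery", vb_salt, record),
            verify("wrong guess", vb_salt, record))


if __name__ == "__main__":
    print(demo())
```

The old salt column has to be kept, since it is still needed to recompute the inner digest at login; on a successful login the record can be replaced with a hash computed directly from the password.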


  • Registered Users, Registered Users 2 Posts: 8,814 ✭✭✭BaconZombie


    Would be interesting to see how many Ubuntu users have the same password for the forums and their local account.
    Khannie wrote: »
    Yep. That's what's slightly concerning.

    I fully expect them to be leaked and then collectively cracked. Mine is in there. It's either weak as bejaysus (first pass), or pretty strong (would require brute force) but I can't remember which. It's a LOONNG time since I joined the ubuntu forums and I haven't gone on it since I moved to keepass.

    On the up side, we may get some new insight into passwords that people use.

    It may also push vbulletin to use a better hash.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Got this email this morning:
    Hello,

    You are receiving this message because you have an account registered with this address on ubuntuforums.org.

    The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

    If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

    The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

    We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

    The Canonical Sysadmins.

    They left it long enough.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Still down 4 days later. Not great.


  • Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    They probably found a whole bunch of XSS vulnerabilities and they need to fix them all before bringing it up again.

    Can't risk being owned again.

    Not great for the timing with Ubuntu Edge it has to be said.

