Ubuntu Forums Breached

English: Screen Shot of Installing Ubuntu Server

English: Screen Shot of Installing Ubuntu Server (Photo credit: Wikipedia)


Those nice folks at Canonical have been hit by some hacking bastard and are reporting that the entire user dataset for the Ubuntu Forums has been snaffled. Worth making sure any IDs you use on their site which are also used / referred to elsewhere are changed ASAP – new passwords at least. Subject to confirmation, I believe the site was running using vBulletin as the underlying software. According to The Register, the hacker has been identified as twitter user @Sputn1k_. What a total tosser !

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.

What we know

  • Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Progress report

  • 2013-07-20 2011UTC: Reports of defacement
  • 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
  • 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
  • 2013-07-22 -> 2013-07-25: work on reinstalling the forums continues.
  • 2013-07-26: the forums are up running again and being tested privately by Forum administrators.

If you’re using Ubuntu and need technical support please see the following page for support:

1 Comment

Silver PriceJuly 28th, 2013 at 7:20 am

Well, not you, personally. It’s an Indiegogo crowdfunded campaign that’s asking for $32,000,000 from a variety of users… starting at $600 for the hardware. (And that’s a one-day early bird special.) Canonical founder Mark Shuttleworth describes Edge as a Formula 1-style testbed for new ideas in both software and hardware. Basically, it’s one of those wild concept devices you see bandied about at trade shows. But Canonical and Ubuntu want to make this one real.