Ubuntu’s Forums Hacked, Over 2 Million User Credentials Leaked

By | July 17, 2016

Ubuntu Forum Hacked

Popular Derbian-based Linux operating system (OS) Ubuntu’s user forums have been hacked with over two million user details leaked online.  It includes

  • Usernames,
  • Email addresses,
  • IP addresses.

Ubuntu is one of the the most popular Linux distribution systems used for PCs, smartphones and network servers. .

According to Canonical Ltd which makes the OS says

There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored.  In the interest of transparency, we’d like to share the details of the breach and what steps have been taken.  We apologise for the breach and ensuing inconvenience.

How it exploited

Canonical Ltd also added that two million users have been accessed by an unnamed attacker who was able to exploit an SQL (Structured Query Language) injection vulnerability. The method used is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution that helps the hacker to dump the database contents to his drive/system.

The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers. This gave them the ability to read from any table but we believe they only ever read from the ‘user’ table.

They used this access to download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users. No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted).

According to Canonical CEO, Jane Silber, No passwords were taken via the SQL injection attack, and only limited user data was accessed and downloaded. As of now the exploited security bug has been corrected and service has been restored. The servers have also been wiped, rebuilt, hardened and the forum software was fully patched. However, it is advisable that one should change their login as soon as possible.

Subscribe for latest hacking update