The Ubuntu online forums have been hacked and the username, IP address, and email address of over two million users have been exposed.
The Ubuntu online forums have been hacked for the second time in a few months, and the data of more than 2 million users has been exposed.
According to Ubuntu, the hackers exposed users’ data including usernames, email addresses, and IP addresses. The data breach was caused by a failure to apply a patch to the Ubuntu online forums.
The news was first reported by BetaNews that cited the official announcement from Canonical.
“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation.” announced Jane Silber, Chief Executive Officer at Canonical. “Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience.”
Experts from Canonical discovered that hackers exploited a known SQL injection vulnerability in the Forumrunner add-on used by the Ubuntu online forums.
The administrators of the Ubuntu online forums had failed to fix the security vulnerability, even though such issues are easy to patch once detected.
This is really an embarrassing situation!
The attackers injected formatted SQL into the Forums database, gaining access to the entire archive and the data it contained.
The attackers used this access to download portions of the ‘user’ table, which contained data belonging to more than 2 million users.
Fortunately, the password values stored for the Ubuntu online forums were hashed and salted, as the Forums rely on Ubuntu Single Sign On for logins.
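As an added illustration of the two defences this incident turns on (a lookup that binds user input as a parameter instead of formatting it into the SQL text, and salted password hashing so that a dumped table yields no usable credentials), the following Python is constructed for this article; it is not Canonical's code and not the Forumrunner add-on. The in-memory table layout, column names, sample rows and the probe string are all assumptions made for the demonstration.

```python
"""Constructed demonstration (not Canonical's code, not the Forumrunner add-on):
an in-memory SQLite 'user' table, a lookup built by string formatting (the kind
of defect behind a SQL injection) beside the parameterized version, and a
salted-hash password column so that a dump of the table exposes no passwords.
Table name, columns and sample rows are assumptions."""
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256. A per-user random salt means equal passwords give
    different digests, so a leaked table cannot be attacked with one
    precomputed table."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def make_db():
    """Create an in-memory database holding a few constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, email TEXT, "
        "ip TEXT, salt BLOB, pw_hash BLOB)"
    )
    for name, email, ip, pw in [  # constructed sample rows
        ("alice", "alice@example.invalid", "192.0.2.10", "correct horse"),
        ("bob", "bob@example.invalid", "192.0.2.11", "battery staple"),
        ("carol", "carol@example.invalid", "192.0.2.12", "hunter2"),
    ]:
        salt, digest = hash_password(pw)
        conn.execute(
            "INSERT INTO user (username, email, ip, salt, pw_hash) "
            "VALUES (?, ?, ?, ?, ?)",
            (name, email, ip, salt, digest),
        )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Query text built by string formatting: the input becomes part of the SQL,
    so a crafted username changes the WHERE clause instead of matching a row."""
    sql = "SELECT username, email, ip FROM user WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the input is bound as a value and never parsed as SQL."""
    return conn.execute(
        "SELECT username, email, ip FROM user WHERE username = ?", (username,)
    ).fetchall()


def verify_password(conn, username, password):
    """Recompute the salted digest for the stored salt and compare in constant time."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM user WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    _, digest = hash_password(password, row[0])
    return hmac.compare_digest(digest, row[1])


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # classic textbook probe, used here only to contrast the two lookups
    print("string-formatted lookup returns:", find_user_vulnerable(db, probe))
    print("parameterized lookup returns:   ", find_user_safe(db, probe))
    print("alice login with correct password:", verify_password(db, "alice", "correct horse"))
```

Run as a script, the string-formatted lookup returns every row for the probe while the parameterized lookup returns none; the stored `pw_hash` values are PBKDF2 digests under per-row salts, which is the property that limited the damage here even though the table itself was downloaded.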
“We know the attacker was NOT able to gain access to any Ubuntu code repository or update mechanism.
We know the attacker was NOT able to gain access to valid user passwords.
We believe the attacker was NOT able to escalate past remote SQL read access to the Forums database on the Forums database servers.
We believe the attacker was NOT able to gain remote SQL write access to the Forums database.
We believe the attacker was NOT able to gain shell access on any of the Forums app or database servers.
We believe the attacker did NOT gain any access at all to the Forums front end servers.
We believe the attacker was NOT able to gain any access to any other Canonical or Ubuntu services.” added the blog post published by Ubuntu.
The incident sparked a heated discussion about Canonical’s responsibility for the very poor patch management that exposed users’ data.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years’ experience in the field and a Certified Ethical Hacker at EC-Council in London. A passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.