[Various] Ubuntu forums hacked; 1.82M logins, email addresses stolen

#1 ·
Quote:
Canonical, the company behind the Ubuntu operating system, has suffered a massive data breach on its forums. All usernames, passwords, and email addresses were stolen.
Source: http://www.zdnet.com/ubuntu-forums-hacked-1-82m-logins-email-addresses-stolen-7000018336/
Source: http://www.itworld.com/open-source/366287/ubuntu-forums-hacked-tux-penguin-joins-nra
Source: http://www.pcworld.com/article/2044906/canonical-takes-ubuntu-forums-offline-in-wake-of-password-breach.html
Source: http://www.tweaktown.com/news/31863/ubuntu-user-forums-hacked-1-8-million-user-credentials-stolen/index.html

Also found on Overclock.net, but not the news.
Source: http://www.overclock.net/t/1412153/ubuntu-forums-hacked/0_50

Just received notice via email, apparently been in the news for 2 days but I hadn't heard about it.
 
#3 ·
It was Apple or Samsung haha.

It's gonna stain Ubuntu's reputation with regards to their upcoming phone unfortunately. I'm sure that was the intended purpose. Press is gonna be all over this once Ubuntu Edge launches. Mark my words.
 
#4 ·
Got this earlier today.

 
#5 ·
Quote:
Originally Posted by Syan48306

Got this earlier today.

Same as me, didn't trust it at first, but UbuntuForums.org are down, and then searched for Google News on the subject to confirm it.
Quote:
Originally Posted by Solarin

I'm not a forum admin or anything, but aren't these credentials normally encrypted in some way on the server?
Yes.
 
#7 ·
Quote:
Originally Posted by dejanh

Already changed my credentials everywhere where they were similar. It does sadly look pretty bad for Ubuntu. Linux is always touted for security and this surely will not benefit that image.
vBulletin API of the forums.

Not a Linux hack job, however, almost nobody will see that.
 
#13 ·
I was just starting the process of changing all of my awful passwords to long, complex, and different ones because I just found a cross-platform tool called KeePass to manage my passwords on a USB stick. Hopefully they don't brute force my password before I finish changing everything
 
#15 ·
Quote:
Originally Posted by Ryude

How does the forums being hacked reflect on the operating system? Isn't it a reflection of the forum software itself?
People are dense and take it as a sign that anything related to them isn't as secure or whatever. It's just people getting ideas off baseless information, happens all the time, but when the masses are uninformed sheep when it comes to technology it's the reality.
 
#16 ·
I had an account there. I haven't logged into it in about 3 years. I'm sure that over half of the 1.82 million accounts are one and dones. The pretentious attitude was enough to turn me away. Like most forums a lot of people are helpful but a few "hipsters" really ruin it for everyone.
 
#20 ·
If you read carefully it says that encrypted passwords were stolen. Highly doubt the hackers will go to the trouble of decrypting all 1.82m passwords, if they can even decrypt them in the first place.

Most of the time when an article says "hackers" it is just some average guy using an exploit that is already well known.
 
#21 ·
Quote:
Originally Posted by Ryude

If you read carefully it says that encrypted passwords were stolen. Highly doubt the hackers will go to the trouble of decrypting all 1.82m passwords, if they can even decrypt them in the first place.

Most of the time when an article says "hackers" it is just some average guy using an exploit that is already well known.
They can't decrypt them, all passwords are hashed before being saved to the database. Then when you login, the password you entered is hashed using the same algorithm and compared to the one they have stored.
 
#26 ·
Quote:
Originally Posted by RAND0M1ZER

They can't decrypt them, all passwords are hashed before being saved to the database. Then when you login, the password you entered is hashed using the same algorithm and compared to the one they have stored.
........
Hackers have databases or dictionaries of hashes for some simple passwords: 'password,' 'Johnny,' '12345' etc. The algorithm can be reverse engineered... well, at least in theory. Just google 'hashes dictionary' or such.
Salted hashes take more time - computing power, that is - and probably not worth cracking. Look for 'salt cryptography.'
Just use passwords longer than 8 characters and non-dictionary words. For numbers - say, granny's birthdate, use the upper signs [Shift + Key] on the numeric keys; e.g.: 12345=!@#$%.
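
The hash-and-compare login and the unsalted versus salted difference discussed in the posts above, as an added example that is not part of the original thread. SHA-256 as the fast hash, PBKDF2 with 200,000 rounds, and all function names are illustrative assumptions, not what the Ubuntu forums used; the sample passwords are the ones named in the post.

```python
import hashlib
import hmac
import os

# Constructed sample data: the weak passwords named in the post above.
COMMON = ["password", "Johnny", "12345"]


def unsalted(password):
    """Fast unsalted hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup(words):
    """Precomputed digest -> password table (the 'dictionary of hashes')."""
    return {unsalted(w): w for w in words}


def hash_salted(password, salt=None, rounds=200_000):
    """Per-user random salt plus a deliberately slow KDF (assumed: PBKDF2)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest


def verify(password, record):
    """Login check: re-hash with the stored salt, compare in constant time."""
    salt, rounds, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, stored)


def demo():
    table = build_lookup(COMMON)
    # Two accounts that happen to share the same weak password.
    stored_unsalted = [unsalted("12345"), unsalted("12345")]
    rec_a, rec_b = hash_salted("12345"), hash_salted("12345")
    return {
        "unsalted_identical": stored_unsalted[0] == stored_unsalted[1],
        "unsalted_recovered": [table.get(h) for h in stored_unsalted],
        "salted_identical": rec_a[2] == rec_b[2],
        "salted_in_table": rec_a[2].hex() in table,
        "login_ok": verify("12345", rec_a),
        "login_bad": verify("123456", rec_a),
    }


if __name__ == "__main__":
    print(demo())
```

The salt only removes the precomputed-table shortcut and makes identical passwords store differently; a password like '12345' is still guessable one account at a time, which is why the slow KDF and a long unique password both matter.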
 