Canonical's Jane Silber has announced the Ubuntu community forums have been breached. The notice, which was posted early on July 15, indicates the attacker managed to gain access to the forum's database and access user information. "After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched. The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers. This gave them the ability to read from any table but we believe they only ever read from the 'user' table. They used this access to download portions of the 'user' table which contained usernames, email addresses and IPs for two million users. No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted). The notice goes on to mention the attacker was not able to access Ubuntu's code or update repositories and could not access users' passwords.
Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu, Linux Mint or Zorin OS pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.