No Passwords Stolen During Ubuntu Forums Data Breach

A few days ago, the Ubuntu Forums were breached by unknown assailants. A total of two million user accounts were stolen, albeit there is no need to worry just yet. User passwords are not compromised, as the assailants only obtained random text strings stored in the database. The issue has been corrected in the meantime, and full service has been restored.

Ubuntu Forums Hack Does Not Affect User Accounts

In most cases when a data breach takes place, user accounts are not safe from harm. But as far as the Ubuntu Forums hack is concerned, no user passwords were stolen. The issue came to light when a deep web seller claimed to own a copy of the Ubuntu Forums database, containing roughly two million user accounts.

The Canonical IS team investigated the matter promptly and discovered an exposure of data had taken place. The Ubuntu Forums were shut down for a while to address this issue, and ensure new security measures could be implemented. As it turns out, an SQL injection vulnerability had been used to exploit the Forumrunner add-on.

Among the information, the assailant managed to access were all database tables. However, it appears they only read from the “user” table. This list contains all specific usernames on the Ubuntu Forums, but the “password” table as not accessed by any means. Portions of the user table were downloaded, allowing assailants to get a list of usernames, email addresses, and IP addresses.



Related Post

While there were passwords stored in the user table, they were not active passwords being used on the Ubuntu Forums. Instead, there were random strings, as the forum uses Ubuntu Single Sign On for login activity. Moreover, all of these random strings were hashed and salted, adding an extra layer of security.

So far, the Ubuntu Forums administrators have backed up all of the servers running vBulletin, and rebuilt them after wiping them clean. The vBulletin software has been updated to the most recent version as well. Last but not least, all database and system passwords have been reset to ensure no further breaches could take place.

Image credit 1

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Aptos (APT) and Tron (TRX) Prices Slide, As Volume Soars For Rollblock Suggesting Parabolic Rally

As Aptos and Tron prices take a recent downturn, the spotlight shifts to Rollblock, whose…

5 hours ago

Altcoins to Watch in November: Binance Coin (BNB), Rollblock (RBLK), and Neiro (NEIRO)

As the crypto markets roll into their most bullish time of year, we present three…

5 hours ago

Analysts Forecast $1 for Cardano and Lunex Network As Dogwifhat Plunges To Former Lows

As the crypto market prepares for a major rally, experts believe that two top altcoins,…

5 hours ago

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

6 hours ago

Llama 3.2 Predicts Price For Dogecoin: $2 Peak By 2025 And $5 Rally For DTX Exchange This Winter

Cryptocurrency trends are keen on the forecast that was recently released by Llama 3.2 model…

7 hours ago

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

8 hours ago