• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News

Ubuntu Forums Suffer Data breach; Credit Goes to SQL Flaw

July 16th, 2016 Uzair Amir Hacking News, Security 0 comments
Ubuntu Forums Suffer Data breach; Credit Goes to SQL Flaw
Share on FacebookShare on Twitter
Another day another hack — This time, it’s Ubuntu forums facing massive data breach affecting registered users!

The official forum website for Ubuntu suffered a security breach on 14th July 2016 in which the unknown attackers used an SQL injection vulnerability to steal login credentials of the forum.

In a security notice from Jane Silber of Ubuntu, it was revealed that a registered forum member reported to Ubuntu Forums Council about hackers selling a copy of the forum database. Upon investigating, it was discovered that someone stole the database using an unpatched SQL vulnerability in the forum’s Forumrunner add-on allowing attackers to “download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users.”

Silber further revealed that attackers could not access active passwords saved in the table as Ubuntu Forums rely on Ubuntu Single Sign On (SSO) for logins however the downloaded strings were salted and hashed. For those who don’t know what Single sign-on (SSO) is, it’s a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.

Any good news?

Yes, good news according to Silber is that attackers couldn’t use passwords, front end servers, forum app or database servers, Ubuntu update mechanism and services are safe as attackers could not access any of them. All database and server passwords have been reset while the security flaw has been patched and new security measures have been implemented.

[fullsquaread][/fullsquaread]

A history check shows this is NOT the first time when Ubuntu forums have suffered a security breach. In 2013, hackers bypassed the security of Ubuntu forums and accessed email and passwords of each and every registered user.

[src src=”Source” url=”http://insights.ubuntu.com/2016/07/15/notice-of-security-breach-on-ubuntu-forums/”]Ubuntu[/src]

  • Tags
  • breach
  • Cyber Crime
  • hacking
  • internet
  • Privacy
  • security
  • Ubuntu
Facebook Twitter LinkedIn Pinterest
Previous article HSBC Website Suffers DDoS Attack
Next article PokemonGo Servers Go Offline; PoodleCorp Claims Responsibility
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
TikTok vulnerability allowed hackers to access users' phone numbers

TikTok vulnerability allowed hackers to access users' phone numbers

Watch out as new Android malware spreads through WhatsApp

Watch out as new Android malware spreads through WhatsApp

SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
TikTok vulnerability allowed hackers to access users' phone numbers
Security

TikTok vulnerability allowed hackers to access users' phone numbers

43
Why you should never use free a VPN
Drones

Why you should never use free a VPN

27
Watch out as new Android malware spreads through WhatsApp
Security

Watch out as new Android malware spreads through WhatsApp

247

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us