Another day, another hack: this time it is the Ubuntu Forums facing a massive data breach affecting registered users!
The official forum website for Ubuntu suffered a security breach on 14th July 2016 in which unknown attackers exploited an SQL injection vulnerability to steal the forum's login credentials.
In a security notice from Jane Silber of Ubuntu, it was revealed that a registered forum member reported to the Ubuntu Forums Council that hackers were selling a copy of the forum database. Upon investigating, it was discovered that someone had stolen the database using an unpatched SQL injection vulnerability in the forum's Forumrunner add-on, which allowed the attackers to "download portions of the 'user' table which contained usernames, email addresses and IPs for 2 million users."
Silber further revealed that the attackers could not obtain active passwords from the table, since Ubuntu Forums rely on Ubuntu Single Sign On (SSO) for logins; the password strings that were downloaded were salted and hashed. For those who do not know, Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
Any good news?
Yes. The good news, according to Silber, is that the attackers could not use the passwords, and that the front-end servers, the forum application and database servers, and the Ubuntu update mechanism and services are all safe, as the attackers could not access any of them. All database and server passwords have been reset, the security flaw has been patched and new security measures have been implemented.
A look back shows this is NOT the first time the Ubuntu Forums have suffered a security breach. In 2013, hackers bypassed the forums' security and accessed the email addresses and passwords of every registered user.