Ubuntu Forum Hack Exposes Email and Password Data of 1.8 Million Users

Comments

PCLinuxguy

1.8 million. Yep. Still in the 1% (supposedly); that's still a ton of users. Good thing I never put personal information in the accounts I use online, use LastPass/KeePass, and never have the same password on all of my accounts.

Incognito

I use (and highly recommend) LastPass (online) and KeePass (offline) as well, but in this case it didn't really matter. All they got were password hashes, which are basically worthless except for the passwords which could have been easily obtained using a brute-force dictionary attack anyway.

Xenux

From Securiblog

"The site was running vBulletin and according to some sources, it was outdated and didn’t have the admin panel protected. During the time it was defaced, it was redirecting to “ubuntuforums.org/signaturepics/Sput.html”,"

Wily_One

Thanks for the heads up - I got no email from Ubuntu. And I can't change my pw at the moment because they have the website down. hmmm...

But yeah what are they going to get from me?

Real name used? Nope.
Other personally identifiable information? Nope.
Credit card/Bank info? Nope.
Same password used on other sites? Nope.

meh

jgottberg

That's funny. I could have sworn I've read comments on here by various posters boasting about the security of the Linux/Unix platform...

Incognito

Wow, way to make yourself look like a complete idiot. Maybe you should enroll in some reading comprehension courses. Hacking web-based forum software <> hacking an OS.

jgottberg

btw, where the hell you been? I haven't seen you post in ages and the first time I do, you are ripping me. lol!

jgottberg

It was a shitty and ill-executed attempt at sarcasm. lol

AFDozerman

The attack vector wasn't the kernel of the OS...

wolfing

I use LastPass, works great.

Bucket_Monster

Yeah LastPass is a crucial app I can't do without. Nobody should be using the same passwords for multiple sites and this makes it extremely easy to manage. Of course, make sure you have a good master password.

AravindaChoo

Yep - got that today.

I gave myself a patpat on the back though, because I learned long ago to use a unique password for everything. I hear, all too often, the dreaded (or welcomed, if you are a hacker) words "I use the same password for everything."

Fine and dandy if you're talking about useless trash-talk forums, answers forums, or, lol, reddit~ but not fine for your personal information.

http://appu.gtnoise.net/appu.html <- this is an extension for Chrome that my developer friend made to avoid password dups. He's a GA Tech student, and this was his team's project. This article made me think of it. (I promise I'm not spamming it, lol.)

Anyway, I saw it here first about the Ubuntu forums, so thanks.