Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ubuntuforums hacked


  • Please log in to reply
3 replies to this topic

#1 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:40 AM

Posted 20 July 2013 - 05:38 PM

Hi,
apparently ubuntuforums.org got hacked. Their page looked like this for a while:

15u3X7V.png

and now show the following message:

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. If you're using Ubuntu and need technical support please see the following page for support:

Finding Help.

If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:

The Ubuntu subreddit
The Ubuntu Community on Google+
Ubuntu Discourse


I'm curious to hear what happened. At least it seems like no malware was served (although one can't be too sure yet. Waiting for the official statement from Canonical).

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


BC AdBot (Login to Remove)

 


#2 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:40 AM

Posted 20 July 2013 - 05:40 PM

Update:


What we know

  • Unfortunately the attackers have gotten every user's local username, password, and email address.
  • The passwords are not stored in plain text but even so users are strongly encouraged to change their passwords on other services if you are using the same one.
  • Users of Ubuntu SSO are NOT affected by the breach.
Progress report
  • 2013-07-20 2011UTC: Reports of defacement
  • 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.


sigcomp.png 
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat on Discord too! |

#3 buddy215

buddy215

  • Moderator
  • 13,255 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:40 PM

Posted 21 July 2013 - 11:42 AM

Just checked to see if the Canonical Store site was affected.....nope, still up and running. I've

bought stuff from there and that would be my major concern...CC#

 

Somewhere between 1.8 million to 2 million registered forum users. If you start getting a lot of spam

in the email you registered with....well, this hack could be the source.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 myrti

myrti

    Sillyberry

  • Topic Starter

  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:40 AM

Posted 22 July 2013 - 04:59 PM

Hi,

I finally got the email today:

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.


The website now states that they've identified the weak link that allowed the intrusion and are currently reinstalling everything. I wonder what the weak link was and how badly they got compromised, given the fact that they reinstall everything from scratch and have been down for 2 days now.

I hope they'll make a full statement once everything is up and running again, detailing what happened. :)

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users