Ubuntu forums breached, again!

Ubuntu forums have been hacked, again. Details of 2 million users have been breached, giving away usernames, email addresses and IP addresses. User passwords were not compromised. If you remember, this is a repetition of the massive hack in Jun 2013, which gave away details of 1.82 million user accounts. Despite the measures being taken and the assurances, the incident is definitely going to hurt the popularity of the forum.

The root cause behind the hack is even more ridiculous: a known vulnerability in the Forumrunner add-on which had not yet been patched. This definitely shows the lackluster attitude of the forum admins towards user data. Far too many Linux users are very much concerned about their privacy, and Ubuntu forums have failed them not once, but twice.

Canonical CEO Jane Silber has made the incident public in a blog post on Ubuntu Insights.

The team has since worked on cleanup, extra backups and hardening by installing ModSecurity, a web application firewall.

However, this may warrant a more concrete, long-term plan: keeping the systems up to date and ensuring important security patches are applied as soon as they arrive. In any case, though it sounds harsh, we would advise you not to trust Ubuntu forums with any important or private data.
