Ubuntuforums.org, the home of a variety of support forums dedicated to users of this popular Linux distribution, has been hacked over the weekend and defaced to show an image of a penguin toting a rifle, apparently the “logo” of the hacker who’s responsible for the breach.
Unfortunately, that was not the whole extent of the damage, as Canonical – the UK company that develops the distro – has confirmed that the username, password, and email address of all the registered forum users have been compromised.
“The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP,” they warned, adding that Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach.
According to the numbers provided by the Internet Archive Wayback Machine, the forum has a little over 1,8 million members, 19,493 of which are active.
In a move that can only be praised, Canonical has shared all the aforementioned information about the breach and the advice for changing passwords with the users via email almost immediately after the compromise was detected.
Ubuntu CEO Jane Silber has shared with Dan Goodin that the company uses MD5 algorithm to encrypt the passwords and a per-user cryptographic salt, which is not the greatest solution, so changing the currently used password – on the forum or anywhere else it is used – should be a must for all users as soon as the forums are back online.
The hacker who executed the attack has not explained the reason for the attack, but it’s likely he (she?) did it to harvest user information that can be used for spamming, account hijacking, spear phishing emails, and more.