Ubuntu Forums Breach Affects Two Million Users

Canonical, the developer of Ubuntu Linux, has warned that data concerning two million users of its forums was compromised in a breach.

The incident, occurring amidst a number of large data breaches concerning social media sites such as LinkedIn that have affected hundreds of millions of users, is an embarrassment for the developer, in part because it resulted from the failure to fix a known bug in the site’s forum software.

Unpatched flaw

Canonical said it was notified of the breach on Jul 14 and temporarily shut down the forums, which run on software called vBulletin using an add-on called Forum Runner, while it investigated.

“There was a known SQL injection vulnerability in the Forum Runner add-on in the forums which had not yet been patched,” Canonical said in an advisory.

The unpatched bug allowed an attacker to inject SQL into the forums database that gave them the ability to read from any of that database’s tables, the company said, adding it believes the attacker only read from the “user” table.

“They used this access to download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users,” Canonical stated.

Unlike in the case of a similar breach of Canonical’s forums almost exactly three years ago, in July 2013, no active passwords were accessed, because the forums now rely on Ubuntu’s single sign-on system, which generates random strings that are stored in place of passwords in the database’s “user” table, according to the company.

Repeat incident

“The attacker did download these random strings (which were hashed and salted),” Canonical stated. Hashing and salting are forms of encryption.

In the 2013 breach the passwords of 1.8 million users were accessed, and the company advised users to change credentials that had been reused on other websites.

Canonical said it thinks the attacker wasn’t able to access any code repository or update mechanism or any valid user passwords, and believes the incident was confined to reading the forums database.

The company said it has reset its system and database passwords, rebuilt the servers running vBulletin and installed the most recent security fixes, as well as tightening its monitoring of vBulletin to ensure patches are kept up to date and installing a web application firewall.

“We apologise for the breach and ensuing inconvenience,” Canonical stated.

User data breaches pose a growing risk in part because information such as passwords can often be used to stage attacks on other accounts.

The recent breach affecting business social network LinkedIn, for instance, led to further hacks on prominent individuals including Mark Zuckerberg and is believed to have facilitated a wave of attacks using a remote desktop tool called TeamViewer.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
