ubuntu forums compromised

Right now (21.00 today), the ubuntu forums site says it is “down for maintenance”. It appears to have been down since yesterday.


The site reports:

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

It goes on:

Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.

I’d say that was good advice. Change your passwords now.

Permanent link to this article: https://baldric.net/2013/07/21/ubuntu-forums-compromised/