Canonical has said its forums were hacked on Thursday. In a statement on Friday, the company said that two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.
The Ubuntu Forums were used by Linux developers, Ubuntu users and aficionados to discuss bugs, flaws, upcoming builds and other general Linux topics.
“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience”, says Jane Silber, Chief Executive Officer, Canonical Ltd.
Silber further explained, “after some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched”.
Submitted by: Arnfried Walbrecht