The forums of one of the most popular Linux distributions, Ubuntu, were hacked. The news was reported yesterday by Jane Silber on Ubuntu Insights. Silber confirmed that no passwords were taken in plain text, only hashed and salted strings, which are of no use to the hacker. However, the hacker successfully downloaded other user information.
Ubuntu Forums Hacked!
The Ubuntu forum was hacked and the hacker downloaded 2 million users' information from the users table. Users' passwords are also included in the downloaded data, but they are useless to the hacker. All passwords are hashed and salted in the database, so no account login can be performed, but I still recommend changing your password. Other data such as emails, usernames and IPs was taken, though. Emails can be used for spam. If you're an Ubuntu forum user, then from now on be extra careful when responding to any unknown email.
Known SQL injection vulnerability caused this hack
As Jane Silber reported, somebody claimed to have a copy of the forum database. After the initial investigation, the team confirmed the breach and shut down the forum. The hack was carried out through a known SQL injection vulnerability:
"Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched."
Here is something more shocking for me!
I was more shocked when I read that the team did not detect any hack until the hacker himself claimed to have a copy of the forum database. They mentioned that on 14th July 2016, Canonical’s IS team was notified by a member of the Ubuntu Forum Council that someone was claiming to have a copy of the forum database. I don't know why, but personally I am more curious to know when the hack actually occurred. Well, I appreciate their policy of being transparent in disclosing this hack to us.
Now things are working properly.
Servers have been backed up and extra security steps have been taken. The vulnerability that caused this hack has also been fixed. All system and database passwords have been reset. A web application firewall, ModSecurity, is now helping prevent similar attacks.
They've also confirmed the things the hacker was never able to access --