Canonical takes Ubuntu forums offline in wake of password breach

As for now the breach doesn't seem malicious as much as it is pointing out a security flaw.

Canonical, makers of the Ubuntu Linux distribution, recently announced that its Ubuntu help forums suffered a security breach over the weekend. Attackers were able to harvest an estimated 1.82 million user names, email addresses, and passwords from the site. Canonical says it isn't sure how hackers were able to breach its systems and the company has taken the forums at offline as a precaution.

Canonical is warning anyone with an Ubuntu Forums account about the hack via email. The company is also advising users to change their security credentials on other sites, especially email, if they used the same password and username/email for other online services. services such as Ubuntu One are not believed to be affected by the hack since they do not share the same login account as the Ubuntu forums.

Malicious penguin

Fans of the Ubuntu forums began reporting that the site had been defaced on Saturday. The hacker or group of hackers who breached the site posted an image of a penguin (the Linux mascot is a penguin) holding an AK-47.

The message underneath the image suggested the hackers were more interested in exposing a poorly secured site than anything else. "None of this '[you got hacked] by albani4 c3bir 4rmy' stuff," the message on Ubuntu's forums site said. "Straight up, you dun goofed. It's as simple as that."

It's not clear if the hackers plan on exposing the database of user names and passwords online. Nevertheless, there is a definite possibility these account credentials could begin circulating around the less reputable areas of the Internet.

Canonical says forum user passwords were not stored in plain text and were hashed and salted. A hash uses a mathematical algorithm to convert plain text passwords into a series of numbers and letters. A specific hash will create the same string of letters and numbers each time for the same input (in this case a password). To make hashes more secure they are further obscured by "salting," a process that inserts random bits into the hash making it harder to guess the original password.

Canonical had not returned our request for comment at this writing, so it's not clear which hashing algorithm the company was using. However, a report from Ars Technica says Canonical was using the md5 hash. MD5 is a popular hashing algorithm that is often used by software companies as a security check to let users ensure downloaded executable files were not tampered with or corrupted. But md5 is not considered to be a secure choice for hashing passwords.

Batten down the hatches

Reports of password breaches are always a good time to reevaluate your own online security practices. Always make sure you are using unique passwords for every site you visit online. For tips on generating your own passwords check out PCWorld's "Learn to use strong passwords" or "Passwords: You're doing it wrong. Here's how to make them uncrackable."

Use a password manager such as LastPass or Password Safe to store all your various passwords for different online sites. These programs can also create new passwords for you and can automatically fill out login forms for you.

Finally, activate two-factor authentication for any services that support this security measure such as, Dropbox, Evernote, Facebook, Gmail, Twitter, and Two-factor authentication requires you to enter a second, shorter temporary password that is usually generated by a smartphone application or small key fob.

Many services that offer two-factor authentication allow you to set trusted PCs so that you only have to enter your credentials once on new PCs or browsers.

Canonical has not said when Ubuntu forums will be back up. In the meantime, any Ubuntu user looking for support can check out sites such as Stack Exchange's Ask Ubuntu or Ubuntu Discourse.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersLinuxCanonsecurityNonecanonicalsoftwareoperating systemsubuntu

More about DropboxEvernoteFacebookLinuxUbuntu

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place