Canonical on Saturday issued an alert that “every user’s local user name, password and email address” had been obtained by hackers. The breach affects about 1.82 million registered users of the site, according to a snapshot archive of the site.
The stolen passwords were “not stored in plaintext” but as salted hashes, according to Canonical. However, Jane Silber, Canonical’s CEO, noted that users should assume the passwords were compromised and take extra steps if the same password was used across different services.
“While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them. If users used the same password on other services they should immediately change that password,” wrote Silber.
The breach and site defacement have been attributed to a hacker using the Twitter handle Sputn1k, who also credited another person. The hackers replaced the forum's page with an image of a penguin, similar to the Linux Tux mascot, but holding a machine gun.
It’s unclear how the hackers breached the forum’s servers; however, the forum was reportedly running the vBulletin forum software, and Silber suggests a weakness in that software is one avenue Canonical is exploring.
“We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue. Once the investigation is concluded we will provide as much detail as we safely can,” said Silber.
It's also not known whether the hackers who stole the database have released it or plan to release it to the public.