Popular Open Source operating system' 'Ubuntu' official online forum site have been hacked and roughly 2 millions user data stolen.
Company mentioned that online forum has been affected by this hack where user IP address, email address and username were stolen.
Conical made an announcement of the hack and says,
“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience”, says Jane Silber, Chief Executive Officer, Canonical Ltd.
Silber further explains, “after some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched”.
Company mentioned that online forum has been affected by this hack where user IP address, email address and username were stolen.
Conical made an announcement of the hack and says,
“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience”, says Jane Silber, Chief Executive Officer, Canonical Ltd.
Forum was running on vBulletin CMS and a vulnerable addons was the cause of the hack. Now all the system were cleaned and had installed a new Web Application Firewall “to help prevent similar attacks in the future” and say they will improve monitoring of vBulletin to “ensure that security patches are applied promptly.”
Not the Fist time
This is not the first time that Ubuntu online forum has been compromised, earlier also it was hacked and site was defaced by a hacker name @Sputn1k_. At that time also users data were stolen and appolize for the same.