Page 1 of 3
Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 12:18 am
by caf4926
Quote
Ubuntu Forums is down for maintenance
There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
What we know
Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
Progress report
2013-07-20 2011UTC: Reports of defacement
2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
If you're using Ubuntu and need technical support please see the following page for support:
Finding Help.
If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:
The Ubuntu subreddit
The Ubuntu Community on Google+
Ubuntu Discourse
http://www.zdnet.com/ubuntu-forums-hacked-1-82m-logins-email-addresses-stolen-7000018336/
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 12:29 am
by 3mutts
I do, luckily I don't use the password I have there for important things (like email) and the user name doesn't bother me. Also, do I need to change my email address? The worst I think I will get is spam (not dump enough to fall for those) but IDK what else they can use for it.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 12:46 am
by KBD47
Probably a lot of people on this forum have an account there. Good idea to never use the same password in more than one place.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 12:56 am
by caf4926
KBD47 wrote:Probably a lot of people on this forum have an account there. Good idea to never use the same password in more than one place.
A lot of people use the same password everywhere FYI
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 2:03 am
by uzername
caf4926 wrote:KBD47 wrote:Probably a lot of people on this forum have an account there. Good idea to never use the same password in more than one place.
A lot of people use the same password everywhere FYI
A lot of people are dumb.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 2:13 am
by caf4926
A lot of people are dumb.
I couldn't possibly comment
Except to say, all of us have our moments.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 5:59 am
by Zill
caf4926 wrote:A lot of people use the same password everywhere FYI
No excuse for that if you use a password manager such as [url=http://als.regnet.cz/fpm2/]Figaro's Password Manager 2[/url] (it's in the repos).
In addition to securely storing passwords, it can also generate
unique passwords and so there is no need to use the same password on multiple websites.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 6:37 am
by excollier
I can just imagine the sheer delight from some quarters on hearing this news.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 6:57 am
by caf4926
excollier wrote:I can just imagine the sheer delight from some quarters on hearing this news.
Not sure what to make of that.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 7:05 am
by excollier
Well, one forum in particular has a cohort that simply despise anything Ubuntu, and anyone "bad enough" to even speak of it, let alone use it or participate on it's forum.(and that includes using, or approving of, Linux Mint).
Not all of them, just a hard core.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 1:10 pm
by uzername
Zill wrote:caf4926 wrote:A lot of people use the same password everywhere FYI
No excuse for that if you use a password manager such as [url=http://als.regnet.cz/fpm2/]Figaro's Password Manager 2][/url] (it's in the repos).
In addition to securely storing passwords, it can also generate
unique passwords and so there is no need to use the same password on multiple websites.
Or try KeepassX - I can't live without it! Also in the repos.
http://www.keepassx.org/
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 2:00 pm
by daveinuk
I find it kinda sad that people have an obsession like that about an OS, maybe they need some addditional hobbies
I didn't frequent the ubuntu forums much after my conversion to Mint so does that mean everyone will have to recreate their accounts again when it's back or will they just force a password change ?
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 2:18 pm
by sammiev
I would likely expect to see the same post here in a few days. The hackers will likely be here next if they have not already. Change your passwords on both sites.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 4:16 pm
by /dev/urandom
Ubuntu forums, the most unfriendly place on the internet.
No sympathy.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 5:45 pm
by Nilla Wafer
/dev/urandom wrote:Ubuntu forums, the most unfriendly place on the internet.
No sympathy.
I take it you haven't been on many forums. I find Ubuntu Forums one of the
most friendly places on the 'net.
~nilla
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 5:47 pm
by /dev/urandom
Oh, I have. But if you go to the Ubuntu forums and criticize anything that's related to Ubuntu, you're flamed quite instantly.
If you want to talk about the command line instead of doing anything via X11, you're flamed quite instantly.
Etc.
Those are arrogant.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Sun Jul 21, 2013 8:35 pm
by craig10x
/dev/urandom wrote:Oh, I have. But if you go to the Ubuntu forums and criticize anything that's related to Ubuntu, you're flamed quite instantly.
If you want to talk about the command line instead of doing anything via X11, you're flamed quite instantly.
Etc.
Those are arrogant.
The problem on the ubuntu forums is when someone registers just to "troll"...they will make some stupid post about how ubuntu totally screwed up their computer or some other ridiculous nonsense and usually get locked pretty quickly...
Other then that...open discussion is welcome and there are many people who are very helpful with solving problems...including for beginners in that section as well...
and i have had plenty of friendly discussions with people who disagreed with me over there...as long as you don't go "overboard" the moderators don't delete the posts...
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Mon Jul 22, 2013 1:36 am
by AdrianCohea
I feel like this is a pretty good time to point out how great passphrase managers are. People have like 50 accounts and get lazy, so they start reusing their weak passphrases. As a result of this fact, there's like 100% guarantee that someone's online bank account is going to get penetrated after a breach at any online service.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Mon Jul 22, 2013 1:37 am
by /dev/urandom
Depends on 1) how they generate their passphrases and 2) where they store the databases. A KeePass database secured with one of your only 3 passwords in the Canonical cloud is maybe not the best idea.
Re: Ubuntu Forums Hacked - Do you have an account there!
Posted: Mon Jul 22, 2013 6:54 am
by daveinuk
I tend to keep a copy of my usernames/passes in my version of a password manager which is a tatty old small notebook that I very much doubt anyone would be likely to steal even if they could break in and manage to find it, or know what it was
Usernames are normally partial as are email addresses and passwords, there's only me that would ever 'get it', I sleep soundly at night with no worries about my online banking, password managers may be ok but the details on the machine, which is more likely to be taken than a scruffy notebook, sometimes you just can't beat a pen and paper
Edit: this is a good little site for anyone that has trouble thinking them up
https://www.random.org/passwords/