Linux user forum Ubuntu was hacked over the weekend, with usernames, passwords and email addresses captured.
According to a notice on the website, it said that the forums were ‘down for maintenance' and it confirmed that there had been a security breach on the Ubuntu Forums.
Ubuntu confirmed that attackers had gained every user's local username, password and email address from the Ubuntu Forums database, although the passwords were stored as salted hashes. It strongly recommended changing password if users used the same password on another service.
It confirmed on Saturday 20th July that there had been a defacement of the site. Writing on the 2Buntu blog, developer Nathan Osman wrote that: “A group of hackers were able to successfully gain root (super user) access to the servers hosting the Ubuntu Forums today and compromised the entire website”, as reported by ITnews.
Osman said that all usernames, password hashes, email addresses and personal information were compromised.
Jane Silber, CEO of Ubuntu parent Canonical, apologised for the breach and “ensuing inconvenience”. She said that it believes that the issue is limited to the Ubuntu Forums and no other Ubuntu or Canonical site or service was affected, and it had begun the process of notifying all users whose details have been compromised by email.
“We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue,” she said. "Once the investigation is concluded we will provide as much detail as we safely can."
“The forums site will remain down until we can safely bring it up, and updates will be posted to the ubuntuforums.org page as they are available. Once again, we apologise for the issue.”