The email addresses, password details and user names of every single user on the Ubuntu forums — an estimated 1.85-million people — have been exposed in a massive security breach that hit the company responsible for maintaining the open-source OS.
According to Ars Technica, the forums (which remain closed) were shut down on Saturday after it was discovered that their home site had been defaced and that someone had managed to gain privileged access to the underlying servers.
Once the page was down, Canonical also quickly issued an advisory, urging forum users who use the same password on other accounts to change their credentials immediately.
“While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them,” Ubuntu CEO Jane Silber wrote in an updated advisory. “If users used the same password on other services, they should immediately change that password.”
At present there’s no indication that any of the information obtained by the hacker has been posted online. As Ars notes, however, the fact that they went to the bother of defacing the site shows that they’re not afraid of publicity, so it’s likely that something will appear soon.
As always, the best advice for anyone concerned about their password being breached on any site is to use a password manager and choose a long, randomly generated password that’s different for each site.