Ubuntu user forums hack leaks millions of user details

Canonical, the parent company of popular Linux distribution Ubuntu, has disclosed that its user web forums have suffered a major data breach.

Over the weekend, Canonical said that it had come across claims that a third party had a copy of the Ubuntu Forums database.

The company was able to verify that a breach had taken place, with a database containing details of two million Ubuntu Forums users being leaked.

No "active passwords" were copied over, although the attacker downloaded the random, hashed and salted strings generated by Ubuntu Single Sign On that is used for Forum logins. 

Canonical shut down the Ubuntu Forums while it investigated the hack, which was achieved by exploiting unpatched ForumRunner add-on software for VBulletin using a simple structured query language injection attack (SQLi).

The company believes the attacker only read the table containing the Forum users with SQLi even though it was possible to read and copy over others as well.

Further investigation showed that the hacker was not able to access the Ubuntu code repository or update mechanism, Canonical said.

Canonical also believes the attacker was not able to reach further into its systems, and did not gain write or shell access to the Ubuntu Forums app or database servers. 

All forum servers were wiped by Canonical and rebuilt from scratch, with the Vbulletin forum software being patched. The open source software company also installed the ModSecurity web application firewall (WAF) to prevent future SQLi attacks.