Ubuntu Forums hacked, 1.8 million passwords and emails stolen

There has been a massive data breach impacting over 1.8 million users of the Ubuntu operating system this weekend.

Canonical, the lead developer of the Ubuntu Linux-based operating system, has admitted that its online forums were not just defaced this weekend, but also that hackers managed to steal every user’s email address, password and username from the Ubuntu Forums database.

The first clue that anything was amiss was when hackers posted a (hard-to-miss) message on the Ubuntu Forums homepage of a penguin holding a sniper’s rifle:

Ubuntu forums defacement

This was later replaced by an official statement from Ubuntu Forums:

Ubuntu warns users

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What we know

  • Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

It’s possible that the administrators of Ubuntu Forums weren’t doing a great job keeping their forum and server software up-to-date, and this could have allowed the hackers to exploit a vulnerability.

In addition, I think some will raise an eyebrow at the vague language (“not stored in plaintext”) used to describe how passwords were secured on the Ubuntu Forums. That seems a missed opportunity to help affected forum users assess how likely it is that their password will be cracked.

However, the advice to use different passwords on different websites is good. If you don’t do that, there is always the risk that a hack in one place could lead to a security breach against other online accounts that you might own.

Of course, compromised passwords leading to account hacking aren’t the only risk here. There is also the danger that the hackers could use the email addresses they have stolen for a spam campaign, perhaps even launching a carefully-crafted attack designed to pique the interest of Ubuntu lovers.

If you ever registered an account on Ubuntu Forums, make sure you aren’t using the same password anywhere else and be on your guard.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Ubuntu Forums hacked, 1.8 million passwords and emails stolen”

  1. Yeah well, hope you know more about 'puters than you do about guns:


    "sniper's rifle" … snicker


    1. I'm delighted to admit I know nothing about guns.

  2. Regarding how the passwords were stored, the site was running vBulletin, and therefore passwords were stored as md5(md5(pass).salt)

  3. Angga Lisdiyanto

    This is seriously dangerous. I hope the hackers just want to do a security test.

  4. The Ubuntu Forums temporary splash page says the personal messages and posts have been lost. I hope they can find a way to restore at least the posts, as the forums have been a treasure trove of how-to information for Ubuntu Linux users, as well as other users of Debian-derivative systems.
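
To make the point about "not stored in plain text" concrete, here is an added example (not code from the article, Canonical or vBulletin) that takes the scheme the second commenter describes, md5(md5(pass).salt), and shows one way a site can harden rows already stored that way by wrapping each one in PBKDF2 without needing the users' passwords. The field names, iteration count and sample row are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def vb_legacy_hash(password: str, salt: str) -> str:
    """md5(md5(pass).salt) as given in comment 2: hex inner digest, then salt."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def _stretch(legacy_hex: str, kdf_salt: bytes) -> bytes:
    # Slow KDF over the fast legacy digest, with a fresh random per-row salt.
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"), kdf_salt, PBKDF2_ITERATIONS)


def wrap_legacy_row(row: dict) -> dict:
    """Upgrade a stored row offline; the user's password is not needed."""
    kdf_salt = os.urandom(16)
    return {
        "user": row["user"],
        "vb_salt": row["vb_salt"],  # still needed to recompute the inner hash
        "kdf_salt": kdf_salt.hex(),
        "hash": _stretch(row["hash"], kdf_salt).hex(),
        "scheme": "pbkdf2-sha256(vb-md5)",
    }


def verify(password: str, row: dict) -> bool:
    """Check a login attempt against a wrapped row, comparing in constant time."""
    legacy_hex = vb_legacy_hash(password, row["vb_salt"])
    candidate = _stretch(legacy_hex, bytes.fromhex(row["kdf_salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(row["hash"]))


# Constructed sample row (not real forum data).
LEGACY_ROW = {"user": "alice", "vb_salt": "x7Q", "hash": vb_legacy_hash("correct horse", "x7Q")}
WRAPPED_ROW = wrap_legacy_row(LEGACY_ROW)

if __name__ == "__main__":
    print(WRAPPED_ROW["scheme"], verify("correct horse", WRAPPED_ROW))
```

Wrapping only protects the database from that point on. Hashes that were already copied in a breach remain as weak as the original scheme, so affected users still need to change their passwords.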
