Ubuntu Forums hacked (again)

Ubuntu Forums hacked (again)

Canonical, the company behind Ubuntu, has warned that there has been a security breach on the Ubuntu Forums site, resulting in the theft of two million members’ usernames, IP addresses, and email addresses:

At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu Forums Council that someone was claiming to have a copy of the Forums database.

After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.

Yes, you read that correctly. A patch was available, but no-one bothered to install the patch at Ubuntu Forums.

What a goof. If you don’t patch the software running on your website, don’t be surprised if a hacker compromises your system and makes off with your customer’s data.

Sign up to our free newsletter.
Security news, advice, and tips.

If you think you may have heard a similar story in the past, your memory isn’t deceiving you. Ubuntu Forums was previously hacked in 2013.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

2 comments on “Ubuntu Forums hacked (again)”

  1. Mike

    Seems the Ubuntu Forums and WebHostingTalk forums are running the same version of vBulletin. Wonder if the same people or exploit was used in both hacks.

  2. Michael

    This is the same mentality whic dosen't care about what Special K or Bath Salts do to you. Same as whoring around: "Oh, I got AIDS or incurable clap or siph. Play a one-hole golf course rather than 9-18-36 holes in different locations around the world. (That's a pun.)

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.