Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Ubuntu Forums Security Breach

Published: 2013-07-31
Last Updated: 2013-07-31 11:41:26 UTC
by Guy Bruneau (Version: 2)
2 comment(s)

Ubuntu forums are currently down because they have been breached. According to their post, "the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database." [1] They have advised their users that if they are using the same password with other services, to change their password immediately. Other services such as Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected. Their current announcement is can be read here.

Update: Ubuntu posted a post mortem on the Forums compromised that occurred last week available here. They provided a good summary on how they think the compromised occurred and what they did to clean and harden the site against further attack.




Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

2 comment(s)
Diary Archives