Andre Yoskowitz
22 Jul 2013 21:37
The popular Ubuntu Forums have been hit by a security breach, exposing the user names, passwords and email addresses for 1.82 million registered users.
So far, it does not appear the data has been published online.
On Saturday night, unknown assailants defaced the Ubuntu homepage (see picture) and someone was able to gain access to servers. Canonical, the company behind Ubuntu, quickly issued an advisory letting all users know to safeguard other accounts and change their passwords.
The forums remained offline throughout the weekend.
"While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," Ubuntu CEO Jane Silber wrote. "If users used the same password on other services, they should immediately change that password."
The passwords were "cryptographically scrambled using the MD5 hashing algorithm, along with a per-user cryptographic salt," added Silber, although many security experts find that to be insufficient to really protect data.