I got this email earlier today.
Quote:
Hello,
You are receiving this message because you have an account registered with this address on ubuntuforums.org.
The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.
If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.
The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.
We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.
The Canonical Sysadmins.
|
I have no reason to doubt the veracity of this communication. I use a handle at ubuntuforums and there's no way to know I am on it other than to have my real email address, which I never posted there, only provided as part of the sign up. In fact, at the moment, the forum is down and there is an announcement in its place.
http://ubuntuforums.org/announce.html
This is a giant problem. I presume Canonical itself was hacked given that community assistance is part of its OS distribution program, and that its Ubuntuforums use Canonical open source serverware, which is supposed to be invulnerable due to the Linux enterprise origins. If anyone should have been smart enough to put in a defense against this, it would have been Canonical to at least protect its own products.
This is a disaster for Linux and especially Canonical. You can not trust them to keep your stuff secure.
July 24th, 2013, 04:33 PM
Similar Topics