The next day Ubuntu released a security notice confirming that their database had been breached. The usernames, IPs and email addresses of 2 million users have been stolen, and the hackers are selling a copy of the forum’s database.
In their investigation, it was determined that the attacker gained access to user records through an unpatched SQL vulnerability. An exploited SQL injection flaw that was located in an add-on to the Forum for vBulletin – web forum software that powers over 100,000 community websites on the internet – allowed the attacker to “download portions of the user table”.
vBulletin’s client roster also boosts EA Sports, Sony, NASA and the Denver Broncos.
Hopefully these sites were running the latest patch level.
While we know that the attackers have gained certain information. Canonical is certain that the attackers did not gain access to user passwords, as the Forums reply on Ubuntu Single Sign On (SSO) for logins. They did not download any of the random strings – that according to Canonical were hashed and salted. Canonical also believes that the attackers were not able to gain the following:
In response to this hack, Canonical temporarily took the website down, then backed their servers up running vBulletin, wiped them clean and rebuilt them from the ground up. They then brought vBulletin up to the latest patch level and reset all system and database passwords. While the attackers did not gain access to the passwords, users should still be wary of potential spam and phishing emails that may attempt to distribute malware.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.