LINUX FIRM Canonical has suffered a breach on the Ubuntu forums and is going full burn on the wretched servers.
The firm explained in a statement that it noticed suspicious activity before too much damage was done, and immediately began cleaning things up and clearing bad things out.
"There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, and follow a strict set of security practices. This incident has triggered a thorough investigation," Canonical said in a security alert.
"Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we'd like to share the details of the breach and what steps have been taken. We apologise for the breach and ensuing inconvenience."
and #ubuntu forum is down when i need it... :( — abhishek thakur (@abhi1thakur) July 15, 2016
This happened last week, so this is a fast turnaround for this kind of thing. Canonical said that it was tipped off to the problem on 14 July.
"Canonical's team were notified by a member of the Ubuntu Forums Council that someone was claiming to have a copy of the Forums database. After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure," the firm said.
"Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched. The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers.
"This gave them the ability to read from any table, but we believe they only ever read from the 'user' table. They used this access to download portions of the 'user' table which contained usernames, email addresses and IPs for two million users. No active passwords were accessed."
No passwords accessed is the good news for users, and spares us from repeating all the stuff about picking complex, hard-to-guess passwords. However, there is remedial work to be done and Canonical is doing it.
"We backed up the servers running vBulletin, and then wiped them clean and rebuilt them from the ground up. We brought vBulletin up to the latest patch level. We reset all system and database passwords," the company added.
"We've installed ModSecurity, a web application firewall, to help prevent similar attacks in the future. We've improved our monitoring of vBulletin to ensure that security patches are applied promptly." µ