Ubuntu Forums compromised – 2 mn. email addresses stolen

Hackers have succeeded in retrieving part of the Ubuntu Forums database by exploiting a security flaw in the Forum Runner extension for vBulletin. Some 2 million user names and associated email and IP addresses were stolen, Le Monde Informatique reports, although the attackers failed to obtain users’ passwords.

Canonical, the company behind Ubuntu Linux, announced the security breach last Friday after it had been alerted by a person claiming he had a copy of the database. An enquiry revealed that the attacker gained access to the records due to a vulnerability.

The SQL code injection flaw was found in the Forum Runner extension for vBulletin, the commercial forum software used by more than 100,000 community websites. The vulnerability was known about, but Canonical’s security team was not able to apply a patch in good time, although the flaw has since been patched.

Waves of spam and phishing attempts expected

Canonical temporarily closed the site as a precaution and to ensure that no malicious code has been left behind after this attack, installed the most recent version of vBulletin on its servers and reset all the system’s passwords.

Although there is no immediate danger for Ubuntu Forum accounts, users could be targeted by spam and phishing trying to get them to visit malicious sites or download malware, as is often the case after attacks of this kind.

Ubuntu’s forums are not the first sites running on vBulletin to have been compromised; this happened with MacRumors.com in 2013.