“Canonical, the company behind the Ubuntu operating system, has suffered a massive data breach on its forums. All usernames, passwords, and email addresses were stolen.”
In any event, one wonders why Canonical chose to use non-free PHP code instead of phpBB or Wikimedia or some other Free Software. Surely code they could run, examine, modify and distribute would be more robust. vBulletin’s licence does permit running, examination, and modification but not distribution. Presumably the FLOSS code would have a lot more eyes on it, finding vulnerabilities and fixing them.
“Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
2013-07-20 2011UTC: Reports of defacement
2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.”
One interesting bit in all this: if they have 1.8 million posting on the forums, they must have an order of magnitude or more users actually reading the forums. Canonical is reaching a lot of people and should put a bit more effort into providing security. The black-hat hackers are like sharks in the water when a site is popular.