E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach hitting the company responsible for maintaining the freely available, open-source operating system. There's no sign the compromised data has been published online.
The Ubuntu Forums were closed Saturday evening, following the discovery that the site's homepage was defaced by someone who managed to gain privileged access to its underlying servers. To their credit, administrators with Canonical, the for-profit company that markets Ubuntu, quickly issued an advisory that warned users who used their forum password to safeguard other accounts to change the credentials immediately.After Being Hacked, Canonical Warns Ubuntu Forum Users To Change Passwords Immediately [arstechnica.com]
"While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," Ubuntu CEO Jane Silber wrote in an updated advisory. "If users used the same password on other services, they should immediately change that password."
Msg#: 4595324 posted 1:46 am on Jul 24, 2013 (gmt 0)
I dug around a bit too. It looks like they were running vB 4.2.0 and 1.8 million accounts were compromised?! That's a huge install and it's no wonder they're taking their time to get everything back online.