The Ubuntu online forums have been hacked and data belonging to over 2 million users has been compromised, according to Jane Silber, Chief Executive Officer at Canonical. However, it was the forums that were hacked, not the Ubuntu operating system: no vulnerability or weakness in the OS allowed the hackers to take down the forums.
“Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience,” Jane Silber added.
The compromised user data includes IP addresses, usernames and email addresses. The breach has been traced to a known, unpatched SQL injection (SQLi) vulnerability in the Forumrunner add-on running on the Forums, which exposed the user data. In an SQL injection attack, malicious SQL fragments (payloads) are supplied in the input data the client sends to the application; because the application builds its database queries from that input without separating data from SQL syntax, the payload becomes part of the query, letting the attacker read from or tamper with the database and reach users’ personal data.
What Did the Hackers Manage to Access?
- The attacker had the ability to inject certain formatted SQL into the Forums database on the Forums database servers. This gave them the ability to read from any table, but we believe they only ever read from the ‘user’ table.
- They used this access to download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users. No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted).
SQL injection is one of the oldest flaws, yet it remains one of the most powerful and most dangerous, and it can affect any website or web application that uses an SQL-based database. In this case no active passwords were exposed, because the Ubuntu Forums rely on Ubuntu Single Sign On for logins and the forum database held only random placeholder strings in the password field.
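To make concrete how the injection described above works and why parameterized queries stop it, here is an added example written for this article; it is not code from the Ubuntu Forums, Forumrunner or vBulletin. It assumes a hypothetical forum ‘user’ table with the three column kinds the notice says were exposed (username, email, IP), built in an in-memory SQLite database with constructed sample rows, and a lookup written two ways: once by string concatenation (the class of defect behind the breach) and once with a parameterized query. A small allow-list check on the username is included as a defence-in-depth layer; its character set is an assumption, not a forum rule.

```python
import re
import sqlite3

# Constructed stand-in for a forum 'user' table (not the Ubuntu Forums schema).
SAMPLE_USERS = [
    ("alice", "alice@example.com", "192.0.2.10"),
    ("bob", "bob@example.com", "192.0.2.11"),
    ("carol", "carol@example.com", "192.0.2.12"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, email TEXT, ip TEXT)"
    )
    conn.executemany(
        "INSERT INTO user (username, email, ip) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return conn


def lookup_vulnerable(conn, username):
    """The defect: user input is concatenated into the SQL text.

    Whatever the client sends is parsed as SQL syntax, so a crafted value
    changes the WHERE clause and the query returns rows it never should.
    """
    sql = "SELECT username, email, ip FROM user WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """The fix: a parameterized query.

    The SQL text is fixed; the driver passes the value separately, so the
    input can only ever be compared as data and cannot alter the query.
    """
    return conn.execute(
        "SELECT username, email, ip FROM user WHERE username = ?", (username,)
    ).fetchall()


# Hypothetical allow-list for forum usernames (assumption for this example):
# letters, digits, dot, underscore and hyphen, 1 to 32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def is_valid_username(username):
    """Defence in depth: reject input that cannot be a username before it reaches the database."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup_hardened(conn, username):
    """Validate first, then query with parameters; invalid input returns nothing."""
    if not is_valid_username(username):
        return []
    return lookup_safe(conn, username)


def compare(username):
    """Return how many rows each variant yields for the same input."""
    conn = make_db()
    return {
        "vulnerable": len(lookup_vulnerable(conn, username)),
        "parameterized": len(lookup_safe(conn, username)),
        "hardened": len(lookup_hardened(conn, username)),
    }


if __name__ == "__main__":
    # Constructed payload of the classic tautology form: on the concatenated
    # query it widens the WHERE clause to every row, mirroring how an attacker
    # could pull a whole 'user' table; the parameterized forms treat it as a
    # plain string that matches no account.
    for value in ("alice", "' OR '1'='1"):
        print(repr(value), compare(value))
```

Running the script shows the concatenated query returning one row for a normal username but every row for the crafted value, while the parameterized and hardened lookups return exactly one row and zero rows respectively. The parameterized query alone is the real fix; the allow-list only narrows the input surface and is no substitute for it.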