Canonical warns that strangers had access to Ubuntu forum database
Canonical has issued a warning stating that unknown persons have accessed the Ubuntu forums database. The intruders only read the user table, which holds usernames, email addresses and IP addresses; no active passwords were exposed.
Instead of passwords, the table only contained random strings, because the forums use single sign-on (SSO). According to Canonical, these strings were stored hashed and salted. The data of approximately 2 million users was accessible. The organization became aware of the incident on Thursday, when someone claimed to have a copy of the forum database. An investigation confirmed that there had indeed been unauthorized access, and the forum was taken offline.
The investigation revealed that the attacker entered through a SQL injection vulnerability in the Forumrunner add-on, which had not been patched. The attacker could neither reach the Ubuntu code repositories nor write data to the database, the organization adds, and was also unable to obtain a shell.
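The pattern behind a read-only SQL injection like the one described above, as an added illustration that is not Canonical's, vBulletin's or Forumrunner's code: a lookup built by string concatenation lets a crafted username dump every row of a user table (username, email, IP address, and a salted hash of a random placeholder standing in for the SSO-backed "password"), while the same lookup with a bound parameter returns nothing. The schema, the sample rows and the `x' OR '1'='1` payload are constructed for this example; the stacked-write check relies on Python's `sqlite3` executing one statement per call, which is an assumption of this demo and not the mechanism that limited the Ubuntu attacker.

```python
import hashlib
import os
import sqlite3

# Constructed sample data; not the Ubuntu forum schema or real users.
SAMPLE_USERS = [
    ("alice", "alice@example.org", "203.0.113.10"),
    ("bob", "bob@example.net", "198.51.100.7"),
]


def random_placeholder_hash():
    """SSO-backed forums hold no usable password: emulate a salted hash of a random string."""
    salt = os.urandom(16)
    secret = os.urandom(32)
    digest = hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)
    return salt.hex(), digest.hex()


def build_db():
    """In-memory table shaped like the columns the article says were read."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, ipaddress TEXT, salt TEXT, password TEXT)"
    )
    for name, email, ip in SAMPLE_USERS:
        salt, pw = random_placeholder_hash()
        conn.execute(
            "INSERT INTO user (username, email, ipaddress, salt, password) "
            "VALUES (?, ?, ?, ?, ?)",
            (name, email, ip, salt, pw),
        )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: attacker-controlled input is spliced into the SQL text."""
    sql = ("SELECT username, email, ipaddress FROM user WHERE username = '"
           + username + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the value is bound, so quotes in it are just data."""
    sql = "SELECT username, email, ipaddress FROM user WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology payload; closes the quote and makes the WHERE clause always true.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Run the same payload through both lookups and return what each leaks."""
    conn = build_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "parameterized": lookup_parameterized(conn, PAYLOAD),
    }


def stacked_write_attempt(conn):
    """Try to turn the read into a write with a stacked statement.

    Assumption of this demo: Python's sqlite3 runs one statement per execute()
    call and rejects the rest, so the DELETE never executes. Returns the row
    count afterwards; unchanged means the write did not happen.
    """
    payload = "x'; DELETE FROM user; --"
    try:
        lookup_vulnerable(conn, payload)
    except (sqlite3.Warning, sqlite3.Error):
        pass
    return conn.execute("SELECT COUNT(*) FROM user").fetchone()[0]


if __name__ == "__main__":
    result = demo()
    print("vulnerable lookup leaked:", result["vulnerable"])
    print("parameterized lookup returned:", result["parameterized"])
    print("rows left after stacked write attempt:", stacked_write_attempt(build_db()))
```

The leaked rows contain exactly the columns the article lists and nothing usable as a credential, which is the point of the hashed random placeholders; the fix is the parameterized query, and a web application firewall such as ModSecurity only adds a second layer in front of it.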
Canonical reports that it has responded by wiping and rebuilding all servers running the vBulletin forum software. The latest patches have been applied and all passwords have been reset. As additional measures, a ModSecurity web application firewall has been installed, and more attention will be paid to applying vBulletin patches promptly.