updated 11:59 am EDT, Mon July 22, 2013
Salted passwords, usernames, e-mail addresses taken, state Canonical
Forums for the Linux distribution Ubuntu have been hacked, with sensitive data for all members of the forum being seized in the intrusion. Usernames, passwords, and e-mail addresses for every user on the Canonical-operated forum has been taken in the attack, which is estimated to have affected around 1.82 million users.
A notice on the forum front page from Canonical states that passwords were stored as salted hashes rather than the less-secure plain text format, though the team recommends to forum members that they change the password on any other service where they use a combination of the leaked account credentials. Ubuntu One, Launchpad, and other Ubuntu or Canonical services are claimed to be unaffected.
The forums were closed on Saturday evening, reports Ars Technica, after it was discovered that the forum front page had been defaced. While two Twitter accounts are named in the defacement itself, the main handle on display has been removed from the service, while the other continues to be operational, if not heavily used.
The intrusion is the latest high-profile attack on a website in recent weeks. Ubisoft servers were compromised at the start of this month, leading to the loss of usernames, e-mails, and encrypted passwords. Late last month, government websites in both North and South Korea were attacked, seemingly timed to coincide with the anniversary of the start of the Korean War. While recent downtime of the iOS/OS X Developer Center was linked to a hacking attempt, a security researcher identified himself as the perpetrator, reported 13 bugs to Apple, and claimed to have obtained user details for over 100,000 accounts.