Hackers Compromise Ubuntu Forums Database, Deface Website, And Make Off With The Encrypted Passwords and Email Addresses of Nearly 2 Million Users
Subject: General Tech | July 22, 2013 - 12:16 AM | Tim Verry
Tagged: ubuntu forums, ubuntu, hack, Data Breach, Customer Data, canonical
A group of hackers attacked and defaced the Canonical-backed Ubuntu Forums website yesterday. The hackers used an exploit to gain unauthorized access to the forum database and made off with data from approximately 1.82 million users. To make matters worse, the attackers then defaced the forum site itself by placing a landing page poking fun at the site administrators and boastfully including two Twitter handles: @Sputn1k_ and a mention of @rootinabox.
Canonical has not released details on how the attackers accomplished the data breach, but stated that its security team is working to get the site back up and looking into what exactly happened.
From what has been discovered thus far, the hackers have reportedly made off with the passwords, usernames, and email addresses of all its users.
The company recommends that users change passwords on any other services immediately if they used their Ubuntu Forums password for log-ins on other websites or online services.
ZDNet managed to snag a screenshot of the defaced web page.
Fortunately, all of the passwords in the database were salted and hashed, and not stored in plain text. The exact hashing method was not detailed, however. Also, other Ubuntu services were not affected and user data in services such as Ubuntu One (Canonical’s cloud storage offering) is still safe.
If you had an account on the Ubuntu Forums and used the same password, you should change your passwords now just to be on the safe side. Users of the forum should keep an eye on this announcement page for more details on the hack and updates on the forum restoration process as it progresses.
Subject: Editorial, General Tech | May 5, 2011 - 11:31 PM | Tim Verry
Tagged: Netflix, Customer Data, Corporate theft
It seems as though this Spring season is just a bad time for customers' personally identifiable information. Especially in the wake of the Sony PSN and SOE attack fiasco, to have yet another large corporation found to be involved in compromised customer data is rather disheartening for customers who trust companies with their private information.
Update: LastPass has also reported a data breach, resulting in customers' emails being compromised. Luckily, however, users' passwords were salted and hashed, so users' accounts on other sites should not be compromised, in contrast to the Sony case, where the passwords were compromised.
Fortunately, in the case of Netflix, they have determined who the responsible party was and have moved swiftly to address the issue. Maximum Tech reports that an unnamed call center employee for Netflix was terminated for accessing customers' information without permission. On April 4, 2011, Netflix discovered that one of their call center employees had been accessing confidential information of a number of customers that he had spoken with over the phone. He was found to have accessed the name and credit card information of two customers in New Hampshire.
According to the article, Netflix is now in the process of notifying the two customers in question.
The amount of private data that customers trust will be kept private by the companies they do business with every day is rather daunting. When large corporations like Sony and Netflix run into problems with keeping information secure, one has to wonder how much compromised information goes under the radar of the majority of people. While there is not much one can do to stop others accessing their data without permission once information has been lost in a data breach or as a result of corporate theft, people do have control over what information is given to companies to begin with.
It may seem rather paradoxical for me to quote Sony of all people; however, they have definitely seen the consequences and thus can assuredly recommend that customers stay vigilant and protect themselves from fraud. Using one-time credit card numbers (if your bank/card provider offers this) or reloadable Visa debit cards with just enough money on them for the desired transactions can help to protect you from data breaches such as this. Further, only provide the minimum amount of information necessary for a transaction, especially if it's to a company that you're unsure about. While various forms of fraud protection can help, preventing yourself from ever needing to use fraud protection in the first place is the best thing you can do for yourself and your private data. "Remain vigilant."