Ubuntu Forums falls victim to hack attack -- 1.8 million passwords stolen

Well, it's happened again. If it's not the NSA spying on internet users, then someone else is always ready to spoil the fun. Yet another website has fallen prey to hackers, putting the personal details of hundreds of thousands of users at risk.

This time around, it is Ubuntu Forums that has been affected -- visit the site and you're greeted by the announcement that the forums are down for maintenance before some details of the security breach are revealed.

The bad news is that the user names, email addresses and passwords of every single one of the site's 1.8 million users have been nabbed.

The attack took place at 20:11 UTC June 20, starting with the defacement of the front page to advertise a Twitter account (@Spuntn1k_)  and included text that read: "None of this "y3w g0t haxd by albani4 c3blr 4rmy" stuff. Straight up, you dun goofed. It’s as simple as that".

It is unclear whether the owner of the Twitter account in question is responsible for the attack, but that account no longer exists.

Canonical is keen to stress that it is only Ubuntu Forums that have been breached and that the passwords were stored as salted hashes, not plain text. Ubuntu One, Launchpad and other Ubuntu/Canonical service accounts remain unaffected.

As Ubuntu Forums points out, a key concern stems from the fact that many people rely on the same username and email address for multiple sites and services. The advice in that instance is to change your login credentials on other sites, and keep an eye on Ubuntu Forums for updates.

Photo Credit: JMiks/Shutterstock