In a press release on their website, Canonical Ltd announced that on 14 July there was a breach of Ubuntu’s forums leading to the theft of 1.82 million of its users’ details.
The attacker used a technique known as “cross-site scripting” or “XSS”: script supplied by the attacker is made to run in the browser of a logged-in user, in this case to steal that user’s session cookie. By sending this code, disguised as a hyperlink, in a message to an administrator, the attacker was able to log in.
Canonical has announced that “They used this access to download the ‘user’ table which contained usernames, email addresses and salted and hashed (using md5) passwords for 1.82 million users.”
What the attacker demonstrated was a sophisticated mixture of techniques and a deep knowledge of the underlying forum software, vBulletin.
Although Canonical enforced a good password storage policy and acted swiftly to mitigate the breach and prevent similar ones in future, once attackers obtain a list of known email addresses and passwords they have an edge in attacking those users later.
If a user reuses the same username and password across multiple websites, as users frequently do, their chance of falling victim to account takeover fraud, a form of identity theft, rises sharply. Affected users are strongly advised to change all of their passwords, or to consider using a password manager that can generate and remember unique, complex passwords.
Canonical press release: http://blog.canonical.com/2013/07/30/ubuntu-forums-are-back-up-and-a-post-mortem/