NuData Security
  • Solutions
    • NuDetect for Continuous Validation
    • NuDetect for Good User Validation
    • NuDetect for Account Takeover
    • NuDetect for Card Testing
    • NuDetect for OAO
    • Smart Interface 3DS 2.0
    • Trusted Device
  • How It Works
    • Layers
      • Device Intelligence
      • Behavioral Analytics
      • Passive Biometrics
      • Trust Consortium
    • Interdictions
    • Integration
    • Connected Intelligence
  • Use Cases
    • Account Takeover
    • Good User Validation
    • Card Testing
    • Automated Attacks
    • New Account Fraud
    • Loyalty Fraud
    • Success Stories
  • Industries
    • Banking & Financial
    • eCommerce
    • Digital Goods
    • Healthcare
  • Resources
    • Articles
    • Blog
    • Brochures & Datasheets
    • Case Studies
    • Infographics
    • Videos
    • Webinars
    • Podcasts
    • White Papers & Reports
    • COVID Resources
    • FAQ
  • Company
    • Privacy by Design
    • Awards & Accolades
    • Careers
    • Events
    • News
    • Partners
    • Press Releases
  • Contact Us
  • Demo
  • Search
  • Menu Menu
  • Twitter
  • LinkedIn
  • Youtube
canonical logo

Ubuntu Forums Hacked – 1.82 Million Usernames Stolen

In a press release on their website, Canonical Ltd announced that on 14 July there was a breach of Ubuntu’s forums leading to the theft of 1.82 million of it’s users’ details.

The attacker used a method known as “cross site scripting” or “XSS” which is a string of code that executes a command, in this case, to steal cookies from a logged in user. By sending this code, disguised as a hyperlink in a message to an administrator, the attacker was able to login.

Often websites use cookies to ‘remember’ whether a user has logged in, by stealing the cookie of a logged in administrator, the attacker was able to take on their identity and never become asked for a password.

Canonical has announced that “They used this access to download the ‘user’ table which contained usernames, email addresses and salted and hashed (using md5) passwords for 1.82 million users.”

What the hacker exhibited is a sophisticated mixture of techniques and a deep knowledge of the underlying forum software, vBulletin.

Consequences

Although Cononical enforced good password storage policy and have acted swiftly to mitigate and prevent further, similar breaches in future, when hackers manage to obtain a list of known email addresses and passwords, this gives them the edge on hacking those users in future.

If a user repeats the same username and password across multiple websites, as they frequently do, their chances of falling victim to account takeover fraud, a form of identity theft, vastly increase. It would be strongly advisable for those users to change all of their passwords or to consider using a password management tool which can provide and remember unique, complex passwords.

Cononical press release: https://blog.canonical.com/2013/07/30/ubuntu-forums-are-back-up-and-a-post-mortem/

Similar Stories: Dmitriy Smilianets Charged in Largest US Data Breach, LulzSec Hacker Charged in Sony Entertainment Case

 

 

Tags: Account Takeover, Ubuntu
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://nudatasecurity.com/wp-content/uploads/2013/07/Canonical-Logo-Small-Original.png 272 320 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2013-07-30 16:26:172018-06-11 15:06:59Ubuntu Forums Hacked – 1.82 Million Usernames Stolen

More Like This

Aite Report: 2021 Application Fraud Strategies

April 9, 2021
Over 50% of North American fraud executives report application fraud as their top pain point, and it is only getting worse.
https://nudatasecurity.com/wp-content/uploads/2021/04/Screen-Shot-2021-04-09-at-2.22.28-PM.png 1212 936 Akshay Gopal https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png Akshay Gopal2021-04-09 14:20:402021-04-12 14:00:58Aite Report: 2021 Application Fraud Strategies

Mastercard Cyber & Risk Summit

April 6, 2021
Mastercard is excited to bring back our global, completely free, Cyber & Risk Summit, from April 11-12, 2021, dedicated to the exploration of key themes defining the cyber, security and economic crime landscape of today and tomorrow.
https://nudatasecurity.com/wp-content/uploads/2021/04/Screen-Shot-2021-04-06-at-3.38.11-PM.png 1016 1876 Akshay Gopal https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png Akshay Gopal2021-04-06 15:36:052021-04-06 15:47:54Mastercard Cyber & Risk Summit

Passive Biometrics Help Battle SIM Swap Fraud

April 6, 2021
Interview with Rosemary O’Neill for NuData Security (in the EU) a Mastercard company, by PYMNTS on fighting sim swap fraud.
https://nudatasecurity.com/wp-content/uploads/2021/04/NuData-SIM-swap-fraud-1000x600-1.jpg 600 1000 Akshay Gopal https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png Akshay Gopal2021-04-06 10:07:322021-04-06 10:07:32Passive Biometrics Help Battle SIM Swap Fraud
12 Apr

Read here: Honored to receive the @andyawards “Brave Brand” award …

12 Apr

Read here: Even with the pandemic keeping us apart, our …

9 Apr

Read here: We’re bringing back our global, completely free, Cyber …

9 Apr

Read here: SIM swap fraud has more than doubled in …

9 Apr

Read here: We know you are out there – anywhere …

Solutions

  • Solutions
  • NuDetect for Continuous Validation
  • NuDetect for Account Takeover
  • Success Stories

Company

  • Company
  • News
  • Press Releases
  • Events
  • Awards & Accolades
  • Partners
  • Careers

Use Cases

  • Use Cases
  • Account Takeover
  • Good User Validation
  • Automated Attacks
  • New Account Fraud
  • Loyalty Fraud

Industries

  • Industries
  • Banking & Financial
  • eCommerce
  • Digital Goods

Resources

  • Resources
  • Articles
  • Blog
  • Brochures & Datasheets
  • Infographics
  • Videos
  • Webinars

Contact us

Still have questions?

Call: +1 (604) 800-3711
Twitter Linkedin Newsletter Youtube
© Mastercard Technologies Canada ULC 2021 - Terms of Service - Privacy Policy
Scroll to top