NuData Security
  • Solutions
    • NuDetect for Account Takeover
    • NuDetect for Good User Validation
    • NuDetect for Continuous Validation
  • How It Works
    • Layers
      • Device Intelligence
      • Behavioral Analytics
      • Behavioral Biometrics
      • Trust Consortium
    • Interdictions
    • Integration
    • Mastercard Trusted Device
    • Connected Intelligence
  • Use Cases
    • Account Takeover
    • Good User Validation
    • Card Testing
    • Automated Attacks
    • New Account Fraud
    • Loyalty Fraud
    • Success Stories
  • Industries
    • Banking & Financial
    • eCommerce
    • Digital Goods
    • Healthcare
  • Resources
    • Articles
    • Blog
    • Brochures & Datasheets
    • Case Studies
    • Infographics
    • Videos
    • Webinars
    • Podcasts
    • Reports
    • FAQ
  • Company
    • Privacy by Design
    • Awards & Accolades
    • Careers
    • Events
    • News
    • Partners
    • Press Releases
  • Contact Us
  • Demo
  • Search
  • Menu Menu
  • Twitter
  • LinkedIn
  • Youtube
canonical logo

Ubuntu Forums Hacked – 1.82 Million Usernames Stolen

In a press release on their website, Canonical Ltd announced that on 14 July there was a breach of Ubuntu’s forums leading to the theft of 1.82 million of it’s users’ details.

The attacker used a method known as “cross site scripting” or “XSS” which is a string of code that executes a command, in this case, to steal cookies from a logged in user. By sending this code, disguised as a hyperlink in a message to an administrator, the attacker was able to login.

Often websites use cookies to ‘remember’ whether a user has logged in, by stealing the cookie of a logged in administrator, the attacker was able to take on their identity and never become asked for a password.

Canonical has announced that “They used this access to download the ‘user’ table which contained usernames, email addresses and salted and hashed (using md5) passwords for 1.82 million users.”

What the hacker exhibited is a sophisticated mixture of techniques and a deep knowledge of the underlying forum software, vBulletin.

Consequences

Although Cononical enforced good password storage policy and have acted swiftly to mitigate and prevent further, similar breaches in future, when hackers manage to obtain a list of known email addresses and passwords, this gives them the edge on hacking those users in future.

If a user repeats the same username and password across multiple websites, as they frequently do, their chances of falling victim to account takeover fraud, a form of identity theft, vastly increase. It would be strongly advisable for those users to change all of their passwords or to consider using a password management tool which can provide and remember unique, complex passwords.

Cononical press release: https://blog.canonical.com/2013/07/30/ubuntu-forums-are-back-up-and-a-post-mortem/

Similar Stories: Dmitriy Smilianets Charged in Largest US Data Breach, LulzSec Hacker Charged in Sony Entertainment Case

 

 

Tags: Account Takeover, Ubuntu
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://nudatasecurity.com/wp-content/uploads/2013/07/Canonical-Logo-Small-Original.png 272 320 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2013-07-30 16:26:172018-06-11 15:06:59Ubuntu Forums Hacked – 1.82 Million Usernames Stolen

More Like This

business-shaking-hands-bank

Here’s how NuData helped one bank improve user experience without compromising security

July 21, 2022
Does effective security have to come at the cost of user experience? Here’s how behavioral biometrics improves both.
https://nudatasecurity.com/wp-content/uploads/2022/07/iStock-business-shaking-hands.jpg 1414 2121 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2022-07-21 09:43:202022-07-21 09:43:20Here’s how NuData helped one bank improve user experience without compromising security

3 key takeaways from our Consumer and Risk Trends Report

June 29, 2022
How can businesses improve cybersecurity efforts in 2022? By understanding the tactics fraudsters use most.
https://nudatasecurity.com/wp-content/uploads/2022/06/Groupwork-team.jpg 1414 2120 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2022-06-29 14:48:342022-07-11 08:05:243 key takeaways from our Consumer and Risk Trends Report
Sinking-Piggy-Bank-Image

How much do fraudsters invest to take down your company?

June 14, 2022
Over our past few blogs, we’ve explored how device intelligence and behavioral analytics stop fraud in its tracks. But what type of fraud are we talking about, exactly?
https://nudatasecurity.com/wp-content/uploads/2022/06/Sinking-Piggy-Bank-Image.jpg 1414 2121 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2022-06-14 14:53:522022-06-14 14:53:52How much do fraudsters invest to take down your company?
22 Jul

Read here: The proof is in the pudding. Here’s how …

20 Jul

Read here: More fraud means stricter fraud protection measures, right? …

20 Jul

Read here: Start Something #Priceless @SU2C @MLB #AllStarGame 2

20 Jul

Read here: Whose watching the @MLB All-Star Game tonight? @MastercardNews …

18 Jul

Read here: Is your #cybersecurity strategy airtight, or could something …

Solutions

  • Solutions
  • NuDetect for Account Takeover
  • NuDetect for Good User Validation
  • NuDetect for Continuous Validation

Company

  • Company
  • News
  • Press Releases
  • Events
  • Awards & Accolades
  • Partners
  • Careers

Use Cases

  • Use Cases
  • Account Takeover
  • Good User Validation
  • Automated Attacks
  • New Account Fraud
  • Loyalty Fraud
  • Success Stories

Industries

  • Industries
  • Banking & Financial
  • eCommerce
  • Digital Goods

Resources

  • Resources
  • Articles
  • Blog
  • Brochures & Datasheets
  • Infographics
  • Videos
  • Webinars

Contact us

Still have questions?

Call: +1 (604) 800-3711
Twitter Linkedin Newsletter Youtube
© Mastercard Technologies Canada ULC 2022 - Terms of Service - Privacy Policy
Scroll to top