As a desktop OS, Linux leaves a lot to be desired compared to OS X or Windows. But one thing we’re always hearing about is the Linux community, a frequently-sweary place likeminded geeks can gather and work towards the greater good.
Well, that community — or at least one of its more prominent message boards — has been badly hacked.
Canonical announced today that its popular Ubuntu forums have been hacked. Attackers appear to have gather the user names, emails and IP addresses of two million users. Some passwords may have been accessed, although they were encrypted.
The company was at pains to point out that the Ubuntu code and update mechanisms were not affected, so it doesn’t pose a threat to the security of the underlying operating system. Still, it’s not a ringing endorsement of the company’s security policies, especially considering the hack was only possible because of a known security breach that hadn’t been patched.
In a statement, Canonical CEO Jane Silber said “There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience.”
As ever, affected users should change their password immediately, and watch out for any suspicious activity on other accounts that might have shared the same user/password combo.