# Ubuntu Forums Hacked



## Zach (Jul 21, 2013)

My friend just showed me this over skype - http://ubuntuforums.org/announce.html.

http://www.zdnet.com/ubuntu-forums-hacked-1-82m-logins-email-addresses-stolen-7000018336/



> What we know
> 
> Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
> 
> ...


----------



## kaniini (Jul 21, 2013)

Well, they are using vBulletin MD5 hashing.  So, I would just assume your password to be owned now, as IIRC that isn't even salted.  Or the salt is the same for all passwords.  Or something silly like that.

Good thing I use crappy passwords for sites like those.


----------



## MannDude (Jul 21, 2013)

Yikes! At least they gave a proper and immediate response and chose to announce what may not be common sense for every user, that being the importance of changing any password that may be the same elsewhere that it was there.


----------



## wlanboy (Jul 21, 2013)

Thank god that I am using a password manager and random generated passwords per forum.


----------



## Ivan (Jul 21, 2013)

That rootinabox guy seems familiar, what other website(s) did he hack?


----------



## sv01 (Jul 21, 2013)

sadly  why someone attack website run by volunteer ? free of speech, free distro, free knowledge


----------



## WebSearchingPro (Jul 21, 2013)

Smells like summer!

But in all seriousness its a shame that someone would think of doing that to an org. that provides so much to the "hacker" community in way of linux development and spreading adoption.


----------



## scv (Jul 21, 2013)

Their definition of 'hacker' doesn't match up to the skid's definition of 'hacker' though. The good part is that it was defaced, tells you the kid's green behind the ears and probably didn't do anything exceptionally nefarious.


----------



## jarland (Jul 21, 2013)

Well that works. I can't say I care much about my Ubuntu forums account or the password used on it (old one that was leaked well over a year ago elsewhere). Pretty useless forum for the most part. The ratio of questions to answers is just insane and it makes the forum less approachable.


----------



## wlanboy (Jul 21, 2013)

I have read through some of the IRC logs...


1.8 million accounts leaked
did not update vBulletin
did not protect the admin panel
What a mess.

I really can't believe that someone hacked an .org community.

PS:

The source of the defaced site.

And the background music.


----------



## Jade (Jul 21, 2013)

That sounds like a complete mess. So many people's passwords lol


----------



## Aldryic C'boas (Jul 21, 2013)

sv01 said:


> why someone attack website run by volunteer ?


 


WebSearchingPro said:


> its a shame that someone would think of doing that to an org.


 


wlanboy said:


> I really can't believe that someone hacked an .org community.


It's really not all that surprising. Honestly, if you've been under the belief that skids do things for *any* reason other than immaturity and amusement, then you've been deluding yourself. There are some (including one on this forum) that claim to do things 'for a greater good' or other such bullshit - at the end of the day, they're just kids turned loose with a hammer. Breaking things 1) because they can, 2) because it amuses them, 3) because they haven't had a real sense of personal responsibility driven into them yet. Doesn't matter who or what is getting broken to them.


----------



## WebSearchingPro (Jul 21, 2013)

Aldryic C said:


> Doesn't matter who or what is getting broken to them.


Till their parents break their @$$ with that belt!


----------



## InfiniteTech (Jul 21, 2013)

sv01 said:


> sadly  why someone attack website run by volunteer ? free of speech, free distro, free knowledge


Not everyone likes free, especially big businesses which are being harmed by small organizations doing 'free' stuff.


----------



## Aldryic C'boas (Jul 21, 2013)

InfiniteTech said:


> Not everyone likes free, especially big businesses which are being harmed by small organizations doing 'free' stuff.


Now you're just getting into tinfoil hat territory.


----------



## kaniini (Jul 21, 2013)

wlanboy said:


> I really can't believe that someone hacked an .org community.


It seems kinda obvious to me... ubuntuforums.org is a high traffic site, so if you're a skid and you want to show people how much of an alleged badass you are, it'd be a pretty good target.  Plus, there's the "lulz value" that skids enjoy so much.


----------



## BlackoutIsHere (Jul 21, 2013)

WebSearchingPro said:


> Till their parents break their @$$ with that belt!


 Or if they get put in cuffs by the feds and locked up for a little while


----------



## peterw (Jul 22, 2013)

Aldryic C said:


> they're just kids turned loose with a hammer. Breaking things 1) because they can, 2) because it amuses them, 3) because they haven't had a real sense of personal responsibility driven into them yet.


You cannot attach importance to something if you never build up something of worth by yourself.

What drives them? A mixture of envy and inferiority complex. It's their only way to gain attention because they are not able to do anything that needs more than 5 minutes of work.


----------



## Mun (Jul 22, 2013)

What app do they use?


----------



## wlanboy (Jul 23, 2013)

Mun said:


> What app do they use?


vBulletin board - the SolusVM of php driven board software.


----------



## Mun (Jul 23, 2013)

Yep.


----------

