Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ubuntu online forums hacked again by exploiting a known SQLi

The Ubuntu online forums have been hacked and the username, IP address, and email address of over two million users have been exposed. The Ubuntu online forums have been hacked for the second time in a few months and data of more than 2 Million users have been exposed. According to Ubuntu, the hackers exposed […]

Ubuntu online forums hacked again by exploiting a known SQLi

The Ubuntu online forums have been hacked and the username, IP address, and email address of over two million users have been exposed.

The Ubuntu online forums have been hacked for the second time in a few months and data of more than 2 Million users have been exposed.

According to Ubuntu, the hackers exposed users’ data including usernames, email addresses, and IP addresses. The data breach was caused by the failure in applying a patch to the Ubuntu online forums.

Ubuntu online forums hacked

The news was first reported by BetaNews that cited the official announcement from Canonical.

“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation.”  announced Jane Silber, Chief Executive Officer at Canonical. “Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience.”

Experts from Canonical discovered that hackers exploited a known SQL injection vulnerability in the Forumrunner add-on in Ubuntu online forums.

The administrators of the Ubuntu online forums failed to fix the security vulnerability, despite such kind of issues are easy to patch once detected.

This is really an embarrassing situation!

The attackers injected formatted SQL to the Forums database accessing the entire archive and included data.

The attackers used the above access to download portions of the ‘user’ table containing data belonging more than 2 Million users.

Fortunately, the passwords belonging to the Ubuntu online forums were Hashed and Salted as the Forums rely on Ubuntu Single Sign On for logins.

“We know the attacker was NOT able to gain access to any Ubuntu code repository or update mechanism.

We know the attacker was NOT able to gain access to valid user passwords.

We believe the attacker was NOT able to escalate past remote SQL read access to the Forums database on the Forums database servers.

We believe the attacker was NOT able to gain remote SQL write access to the Forums database.

We believe the attacker was NOT able to gain shell access on any of the Forums app or database servers.

We believe the attacker did NOT gain any access at all to the Forums front end servers.

We believe the attacker was NOT able to gain any access to any other Canonical or Ubuntu services.” added the blog post published by Ubuntu.

The incident raised a heated discussion about Canonical’s responsibility for the very bad patch management that exposed users data.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Ubuntu online forums, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]