Ubuntu forums have been hacked, again. Details of 2 million users have been breached, exposing usernames, email addresses and IP addresses. User passwords were not compromised. If you remember, this is a repeat of the massive hack in Jun 2013 that gave away details of 1.82 million user accounts. Despite the measures being taken and the assurances, the incident is definitely going to hurt the popularity of the forum.
The root cause behind the hack is even more ridiculous: a known vulnerability in the Forumrunner add-on which had not yet been patched. This definitely shows the lackluster attitude of the forum admins towards user data. A great many Linux users are very much concerned about their privacy, and Ubuntu forums have failed them not once, but twice.
Canonical CEO Jane Silber has made the incident public in a blog post on Ubuntu Insights.
The team has since worked on cleanup, extra backup and hardening by installing ModSecurity, a web application firewall.
However, this may warrant a more concrete and long-term plan: keeping the systems up to date and ensuring important security patches are applied as soon as they arrive. In any case, though it sounds harsh, we would advise you not to trust Ubuntu forums with any important or private data.