A website dedicated to discussion of the Ubuntu Linux distribution was breached on Saturday, with hackers gaining access to encrypted passwords and email addresses.
The site, Ubuntuforums.org, will remain offline until it can be fixed, wrote Jane Silber, CEO of Canonical, a company that develops and provides services for the free, open-source operating system.
"We have begun the process of notifying by email all users whose details have been compromised," Silber wrote. "We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue."
According to a notice on Ubuntuforums.org, the forum was defaced around 8:11 PM UTC Saturday by hackers before it was taken offline about four minutes later. It is believed the attackers gained access to every person's local user name, encrypted passwords and email addresses from the database.
The encrypted passwords were "salted," an additional security measure that makes them more difficult to revert to their original form. Users are encouraged nonetheless to assume their passwords are now insecure, especially if people use the same password for other web services.
The site, Ubuntuforums.org, will remain offline until it can be fixed, wrote Jane Silber, CEO of Canonical, a company that develops and provides services for the free, open-source operating system.
"We have begun the process of notifying by email all users whose details have been compromised," Silber wrote. "We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue."
According to a notice on Ubuntuforums.org, the forum was defaced around 8:11 PM UTC Saturday by hackers before it was taken offline about four minutes later. It is believed the attackers gained access to every person's local user name, encrypted passwords and email addresses from the database.
The encrypted passwords were "salted," an additional security measure that makes them more difficult to revert to their original form. Users are encouraged nonetheless to assume their passwords are now insecure, especially if people use the same password for other web services.
No comments:
Post a Comment