As many of you know, last Thursday there was an attack on Ubuntu Forums that allowed that a hacker takes over the data of 2 million users from this Ubuntu user meeting point.
Apparently the technology with which Ubuntu Forums was made had a vulnerability that the hacker knew about and took advantage of to obtain all this data. Since Canonical, after learning of this attack, turned off the servers, cleaned them and performed various maintenance and cleaning tasks so that this does not happen again and also to know what has happened.
The damage to users from this attack on Ubuntu Forums has been minimal
As reported by Jane Silber on the official Ubuntu blog, the attack has only affected users who were not active, who did not have valid passwords so most users are safe, but action must be taken in addition to taken by Canonical. Ubuntu Forums users can now use it normally and completely safely as changes have already been made.
However, from here we recommend that you change the password, the user nickname if you can and want to, and even do so via a different IP address than usual., Because if it happens again, the hacker in question will not affect our day to day.
Personally I think that both the intention of the hacker and the intention of the post by Jane Silber is to calm down server administrators. It must be acknowledged that this attack on Ubuntu Forums calls into question the security of Canonical’s solutions and Ubuntu technology. Although we must remember that in no case the problem comes from Ubuntu Server or any other Ubuntu server technology but rather from a vBulletin plugin, something in which Canonical has nothing to do, although if the your administrator. In any case, Ubuntu Forums has been a replacement and we can continue to use it with confidence.