UKC

I just got this from the forums. I can't remember which sites have new passwords or not. Agggg.


Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

In reply to The Lemming:

1.8 million usernames, email addresses & salted encrypted passwords have been taken. A penguin has been left in return.

http://nakedsecurity.sophos.com/2013/07/23/ubuntu-users-relax-the-gun-totin...

In reply to The Lemming:

Just make sure that you never use the same password for any 2 sites!

In reply to interdit:

Could something similar happen to these shores on UKC?

In reply to The Lemming:

Yes, it's entirely possible. It'd have to be quite targetted as UKC run their own software, but it's quite crackable I'm sure (it's written in PHP).

In reply to The Lemming:

Can happen on any website. As long as the password has a salted hash then that's not a major problem.
Sites where you key in lots of personal details may be more of an issue - unlikely to have an kind of encryption and certainly not one way hashed, otherwise the owners of the website wouldn't be able to use the info.

UKC?
Who would bother? * Not 1.8 million names & email addresses to harvest on UKC.
Though you should still have a different password in here to every other site you use, especially if logging in with the same email address.

* someone that could hack UKC get your login details and guess that you use the same details for facebook etc - they then have an entry point for a crack on another website.