The user forums of Ubuntu, the popular Debian-based Linux operating system (OS), have been hacked, with the details of over two million users stolen, including usernames, email addresses, and IP addresses. Ubuntu is one of the most popular Linux distributions, used on PCs, smartphones and network servers.
Canonical Ltd, which makes the OS, says that the details of roughly two million users have been accessed by an unnamed attacker who was able to exploit an SQL (Structured Query Language) injection vulnerability. SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution, allowing the attacker to dump the database contents to their own drive or system.
In its statement, the company discussed the details of the hack, saying:
At 20:33 UTC on 14th July 2016, Canonical's IS team were notified by a member of the Ubuntu Forums Council that someone was claiming to have a copy of the Forums database.
After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.
Jane Silber, Canonical CEO, said, however, that no passwords were taken via the SQL injection attack, and that only limited user data was accessed and downloaded. The exploited security bug has now been corrected and service has been restored. The servers have also been wiped, rebuilt and hardened, and the forum software has been fully patched. However, users are advised to change their login details as soon as possible.