"I Run Linux... It's SO Safe!" .... Yeah Right

So I opened my email today to find the following:

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

Ubuntu Forums is an online forums provided by Ubuntu for users to post questions, and to learn more about Ubuntu Linux. Their server that runs Ubuntu was running an app (this app created the website for the forums) which was hacked.

So to be clear: Linux wasn’t hacked, but an app that was running was, which was used as a way into the Linux O/S. This just goes to show you that you MUST be aware of updates and security issues for not just the O/S, but also any app you install…even “Server-Dudes” have to follow this rule! ;-)

Ouch…

-Dale