As many of you know, last Thursday there was an attack on Ubuntu Forums that allowed a hacker seizes the data of 2 million users of this meeting point of Ubuntu users.
Apparently the technology with which Ubuntu Forums was made had a vulnerability that the hacker knew about and took advantage of to get all that data. From Canonical, after learning about this attack, it shut down the servers, cleaned them and carried out various maintenance and cleaning tasks so that this does not happen again and also to know what has happened.
Damage to users from this attack on Ubuntu Forums has been minimal
As reported by Jane Silber in the official Ubuntu blog, the attack has affected only users who were not active, who did not have valid passwords, so most of the users are safe, however, measures must be taken in addition to the Taken by Canonical. Currently Ubuntu Forums users can use it in a normal and completely safe way as the changes have already been made.
However, from here We recommend that you change the password, the user's nickname if you can and want and even do it through an IP address other than the usual one, so that if it happens again, the hacker in question does not affect our day to day.
I personally believe that both the hacker's intent and the intent of the Jane Silber's post is to calm down the server administrators. It must be recognized that this attack on Ubuntu Forums calls into question the security of Canonical solutions and to Ubuntu technology. Although we must remember that in no case does the problem come from Ubuntu Server or any other Ubuntu server technology but rather from a vBulletin plugin, something that Canonical has nothing to do with, although its administrator does. In any case, Ubuntu Forums has been replaced and we can continue to use it with confidence.